Release of WordPress 6.8.3

WordPress 6.8.3 is now available!

This is a security release that includes two fixes.

As this is a security release, updating your sites immediately is recommended.

You can download WordPress 6.8.3 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If your sites support automatic background updates, the update process will start automatically.

The next major release will be version 6.9, scheduled for December 2nd, 2025.
For more details on WordPress 6.8.3, please visit the version page on the HelpHub site.

Security updates included in this release

The security team would like to thank the following individuals for responsibly reporting vulnerabilities, allowing them to be addressed in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role affecting the nav menus. Reported by Phill Savage.

These fixes have also been made available to all branches eligible for security fixes (currently through 4.7). As a reminder, only the most recent version of WordPress is actively supported.

Thank you to these WordPress contributors

This release was led by John Blackbourn.

Along with the security researchers and release squad members mentioned above, WordPress 6.8.3 would not have been possible without the contributions of the following individuals:

Aaron Jorbin, Abu Hurayra, Adam Zieliński, Alex Concha, Andrei Draganescu, David Baumwald, Ehtisham Siddiqui, Ian Dunn, Jake Spurlock, Jb Audras, Joe Hoyle, John Blackbourn, Jon Surrell, Jonathan Desrosiers, Michael Nelson, Peter Wilson, Phill, Robert Anderson, Ryan McCue, Scott Reilly,