The WordPress core fixed several bugs including a redirect bypass in the theme customizer, an information disclosure issue via the page/post revision history feature, and the most critical security flaw the project fixed is a bug that allowed attackers to change a user’s password by leveraging stolen cookies. Read the full details here.