WordPress 5.2.4 Security Release

WordPress 5.2.4 is a short-cycle security release that was published on wordpress.org this morning.

This WordPress security update fixes 6 security issues.

According to the update article on wordpress.org, WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4.

Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

Fixes to the following security issues are available in the new version 5.2.4 release:

  • Issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • A method of viewing unauthenticated posts.
  • A method to create a stored XSS to inject JavaScript into style tags.
  • A method to poison the cache of JSON GET requests via the Vary: Origin header.
  • A server-side request forgery in the way that URLs are validated.
  • Issues related to referrer validation in the admin.

For more information, you can browse the full list of changes on Trac or check out the Version 5.2.4 documentation page.
