WordPress 5.2.4 Security Update

·

·

WordPress 5.2.4 was released on October 14 and fixes a few vulnerabilities in WordPress. This update is available for all versions of WordPress since 3.7 and fixes the following bugs:

  • An issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • A method of viewing unauthenticated posts was disclosed.
  • A vulnerability which allowed stored XSS to inject Javascript into style tags is now closed.
  • A method to poison the cache of JSON GET requests via the Vary: Origin header is disclosed.
  • A bug allowed a server-side request forgery in the way that URLs are validated.
  • An issue related to referrer validation in the admin was discovered and closed.

Remember to create a backup before installing an update.