Let’s update! WordPress 5.2.3 is now available for the public to test. The update was rolled out just a few hours earlier as Security and Maintenance Release. The release is for all the previous versions of WordPress. Therefore, we recommend you have this update applied to your WordPress site without any delay.
The WordPress 5.2.3 Security and Maintenance release includes a total of 29 enhancements with a handful of security fixes. Updated versions of WordPress 5.0 and older releases are also available for those who have not updated to WordPress 5.2 yet.
Some of the security issues in WordPress 5.2.3 Security and Maintenance Release include:
- A cross-site scripting (XSS) vulnerability found in post previews by contributors.
- A cross-site scripting vulnerability in stored comments.
- Validation and sanitization of a URL could lead to an open redirect.
- Reflected cross-site scripting during media uploads.
- Cross-site scripting (XSS) in shortcode previews.
- Reflected cross-site scripting found in the dashboard.
- URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, the team is also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
According to the official announcement post, WordPress 5.2.3 Security and Maintenance release is a short-cycle release and the next major release is going to be WordPress 5.3 on November 12.
You can check out the full list of changelog to learn more about the changes in WordPress 5.2.3.
You can either directly download WordPress 4.9.5 Security and Maintenance Release or venture over to Dashboard > Updates and simply click “Update Now”.
Websites that support automatic background updates are already beginning to update to WordPress 5.2.3.