The WordPress 5.2.4 security release is now available. It includes 6 security fixes. The release was issued by WordPress and applies to all previous versions. WordPress strongly recommends applying this update to your WordPress website without delay, and so do we.
WordPress versions 5.2.3 and earlier are affected by the 6 security issues described below, which are now fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.
WordPress 5.2.4 Security Updates
- Fixed an issue where stored XSS (cross-site scripting) could be added via the Customizer.
- Fixed an issue that allowed unauthenticated posts to be viewed.
- Fixed a method to poison the cache of JSON GET requests via the Vary: Origin header.
- Fixed a server-side request forgery in the way that URLs are validated.
- Fixed issues related to referrer validation in the admin.
We, as WordPressers, owe thanks to the reporters of these issues for practicing responsible disclosure. The previous version of WordPress, WordPress 5.2.3, was released on 5th September 2019.
You can download WordPress 5.2.4 here or venture over to your WordPress Dashboard > Update and simply click on the Update Now button. Sites that support automatic background updates are already beginning to update to WordPress 5.2.4.