WordPress 5.2.3 Security and Maintenance Release is now out. The update includes 29 feature enhancements and fixes, as well as security fixes.
WordPress highlights multiple security updates in 5.2.3, to include fixes for six different cross-site scripting (XSS) vulnerabilities or related attacks. Simon Scannell of RIPS Technologies found two of the XSS bugs, one in post previews by contributors and the other in stored comments.
Another researcher Zhouyuan Yang of Fortinet’s FortiGuard Labs found an XSS vulnerability in shortcode previews. In addition, other XSS-related fixes address media uploads and dashboard issues.
The latest release also addresses an issue where validation and sanitization of a URL could lead to an open redirect.
For more information, readers can check out the full WordPress 5.2.3 documentation page that includes details on changes and security fixes.