WordPress 5.2.4 security update

WordPress 5.2.4 security update

WordPress has released version 5.2.4 security update that fixes multiple bugs. All WordPress versions 5.2.3 and earlier are affected.

WordPress version 5.2.4 is a short-cycle security release. Moreover, the next major release will be WordPress version 5.3.

According to the WordPress 5.2.4 security release, the following bugs have been fixed:

  • Stored XSS (cross-site scripting) could be added via the Customizer.
  • Method of viewing unauthenticated posts.
  • Stored XSS to inject Javascript into style tags.
  • Method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Server-side request forgery in the way that URLs are validated.
  • Issues related to referrer validation in the admin.

Users and administrators can download the latest version automatically from the Dashboard > Updates menu in your site’s admin area or visit the WordPress download page.