WordPress has released version 5.2.4 security update that fixes multiple bugs. All WordPress versions 5.2.3 and earlier are affected.
WordPress version 5.2.4 is a short-cycle security release. Moreover, the next major release will be WordPress version 5.3.
According to the WordPress 5.2.4 security release, the following bugs have been fixed:
- Stored XSS (cross-site scripting) could be added via the Customizer.
- Method of viewing unauthenticated posts.
- Stored XSS to inject Javascript into style tags.
- Method to poison the cache of JSON GET requests via the Vary: Origin header.
- Server-side request forgery in the way that URLs are validated.
- Issues related to referrer validation in the admin.
Users and administrators can download the latest version automatically from the Dashboard > Updates menu in your site’s admin area or visit the WordPress download page.