WordPress 5.2.4 security update

This morning wordpress.org released a WordPress 5.2.4 security update.

WordPress 5.2.4 is a short-cycle security update that fixes 6 security issues found in earlier versions of WordPress.

According to the update article on wordpress.org, WordPress versions 5.2.3 and earlier are affected by these bugs.

The security update fixes all the affected versions of WordPress.

Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

The following security issues are fixed in the 5.2.4 release:

  • Issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • A method of viewing unauthenticated posts.
  • A method to create a stored XSS to inject JavaScript into style tags.
  • A method to poison the cache of JSON GET requests via the Vary: Origin header.
  • A server-side request forgery in the way that URLs are validated.
  • Issues related to referrer validation in the admin.

For more information, you can browse the full list of changes on Trac or check out the Version 5.2.4 documentation page.