If your website host hasn’t already updated your WordPress site to version 5.2.4, now is the time to make the leap – ASAP if you can.
The short-cycle security release addresses a number of security flaws, present in WordPress 5.2.3 and earlier releases. Those holes and exploits described include:
- An issue where stored XSS (cross-site scripting) could be added via the Customizer
- A method of viewing unauthenticated posts
- A method to poison the cache of JSON GET requests via the Vary: Origin header.
- A exploit allowing a server-side request forgery in the way that URLs are validated.
- Various issues related to referrer validation in the admin
As ever, keeping WordPress core updated at all times is the easiest way you can secure your WordPress website, and costs nothing at all.
WordPress 5.3 will be the next major release of Core and is expect to come sometime before the end of 2019.