WordPress 5.2.4 addresses major security flaws

If your website host hasn’t already updated your WordPress site to version 5.2.4, now is the time to make the leap – ASAP if you can.

The short-cycle security release addresses a number of security flaws present in WordPress 5.2.3 and earlier releases. The flaws and exploits described include:

  • An issue where stored XSS (cross-site scripting) could be added via the Customizer
  • A method of viewing unauthenticated posts
  • An exploit allowing the creation of stored XSS to inject JavaScript into style tags
  • A method to poison the cache of JSON GET requests via the Vary: Origin header
  • An exploit allowing server-side request forgery in the way that URLs are validated
  • Various issues related to referrer validation in the admin

As ever, keeping WordPress core updated at all times is the easiest way you can secure your WordPress website, and costs nothing at all.

WordPress 5.3 will be the next major release of Core and is expected to arrive sometime before the end of 2019.