WordPress 5.2.3 security and maintenance release features 29 fixes including enhancements. Older milestone releases too receive this update in the form of a minor version.
- A cross-site scripting (XSS) vulnerability was found in post previews by contributors.
- The second was a cross-site scripting vulnerability in stored comments.
- An issue where validation and sanitization of a URL could lead to an open redirect.
- Reflected cross-site scripting during media uploads.
- Vulnerability for cross-site scripting (XSS) in shortcode previews.
- Reflected cross-site scripting could be found in the dashboard.
- Issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
Also older versions of WordPress receive a jQuery update.
Here’s the full list of changes on Trac. All in all there are about 30 issues that are addressed in this release (including the updated about page that shows up in the admin area upon WordPress update).