WordPress 5.2.4 Security Release

WordPress Security Release

WordPress 5.2.4 is a short-cycle security release which fixes the following six potentially problematic vulnerabilities:

  • A bug in which cross-site scripting (XSS) payloads could be added via the Customizer.
  • A security weakness that meant unauthenticated posts could be viewed.
  • A flaw that opened the door for a stored XSS to inject JavaScript into style tags.
  • A cache poisoning weakness involving JSON GET requests via the Vary: Origin header.
  • A server-side request forgery bug related to URLs validation.
  • Issues related to referer validation in the admin.

You can find more information about this release here.