WordPress 5.2.4 is a short-cycle security release which fixes the following six potentially problematic vulnerabilities:
- A bug in which cross-site scripting (XSS) payloads could be added via the Customizer.
- A security weakness that meant unauthenticated posts could be viewed.
- A flaw that opened the door for a stored XSS to inject JavaScript into style tags.
- A cache poisoning weakness involving JSON GET requests via the Vary: Origin header.
- A server-side request forgery bug related to URLs validation.
- Issues related to referer validation in the admin.
You can find more information about this release here.