WordPress 5.2.3 is available!
This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These security fixes address bugs that have been affecting WordPress versions 5.2.2 and earlier. Make sure you upgrade to address these!
If you haven’t updated to WordPress 5.2, apparently there are updated versions of 5.0 and earlier versions that fix these bugs for you as well. Just remember, it is always safest, from a security standpoint, to have the ‘latest’ version of WordPress. Don’t put your site at risk, upgrade today!
Security Updates:
- A cross-site scripting (XSS) vulnerability was found, as well as a second cross-site scripting vulnerability in stored comments. This was pointed out by Simon Scannell of RIPS Technologies.
- Tim Coen pointed out an issue with validation and URL sanitization that can lead to an open redirect.
- Anshul Jain disclosed a reflected cross-site scripting vulnerability that occurred during media uploads.
- Zhouyuan Yang of Fortinet’s FortiGuard Labs found a cross-site scripting vulnerability in shortcode previews.
- Ian Dunn of the Core Security Team found and disclosed a case where reflected cross-site scripting could be found in the dashboard.
- Soroush Dalili found an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
- In addition to the changes above, they have also updated jQuery on older versions of WordPress. This change was added in 5.2.1 but is now being brought to older versions.
You can view a list of changes on Trac.
WordPress 5.2.3 is a short-cycle maintenance release. The next major release will be version 5.3.
You can download WordPress 5.2.3 from this link, or visit your Dashboard → Updates and click Update Now.
Remember to fully back up your site before updating to the latest version!