WordPress, a content management system that powers more than 30% of sites on the internet, announced the immediate availability of version 5.2.3. Jake Spurlock, a Technical Account Engineer at Automattic, said the
security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes.
WordPress 5.2.3 security updates
- A cross-site scripting (XSS) vulnerability found in post previews by contributors
- XSS vulnerability in stored comments
- Validation and sanitization of a URL could lead to an open redirect
- Reflected XSS during media uploads
- A vulnerability for XSS in shortcode previews
- Reflected XSS could be found in the dashboard
- URL sanitization that can lead to XSS attacks
- Updating jQuery on older versions of WordPress
Sites running WordPress are encouraged to update to the latest version as soon as possible. Alternatively, sites that support automatic background updates should already be in the process of updating to the latest version.
Version 5.2.3 will be followed by a major release expected in November 2019. As previously reported on Coywolf News, WordPress 5.3 will include a fix to a feature that helps keep sites from appearing in search results.