WordPress 5.2.4 Release: Six Security Issues Addressed

Home - WordPress Fixes - WordPress 5.2.4 Release: Six Security Issues Addressed
Security Issues

WordPress 5.2.4 Release: Six Security Issues Addressed

On October 14th, the developers of core WordPress released WordPress version 5.2.4. This release addressed six WordPress security issues, which were seen as possible serious vulnerabilities. All the six new security issues were reported privately via the WordPress liable disclosure process.

Similar to other WordPress security releases, all WordPress users should, without delay, update to the recent WordPress version, to ensure their websites are secure. But, if you have enabled automatic updates on your site, the recent version has started rolling out to websites.

Further, all main branches of WordPress have received the recent WordPress security fixes, right from WordPress version 3.7 to 5.2. In any case, you have not enabled the automatic updates, go to your WordPress admin Dashboard>> Updates and make the update. Alternatively, you can download WordPress version 5.2.4 from the WordPress.org release archive.

security issues

Alternatively, you can download WordPress version 5.2.4 from the WordPress.org release archive. After that, make a manual update to ensure your website is free from the risk of potential vulnerabilities.

Helpbot is a WordPress support agency which provides proactive WordPress website maintenance and professional WordPress support services to website owners belonging to different business niche. Get 24x7 WordPress support for fixing common WordPress errors.

updated security issues:-​​​​​

Here are the WordPress security issues that were noted in the release announcement. And, all were rectified in all versions that have been updated:

  • A server-side request forgery(SSRF) bug that involves how to validate URLs.
  • Problems with validation of referrer in the WordPress admin.
  • A bug that let unauthorized posts to get viewed.
  • Stored Cross-site scripting (XSS) bug, which could get added through the customizer screen.
  • Some problem which authorized stored XSS to insert JavaScript in the <styles> tags.
  • Cache poisoning problem that involves the use of Vary: Origin header of JSON GET requests.

Although no bug flagged as critical, you should not ignore the update for your security. You can download the latest version of  WordPress update problems .  After all, WordPress 5.2.3 and earlier versions have been affected by these different problems with WordPress sites. Thus, to resolve these WordPress issues, you need to update to WordPress version 5.2.4.

In a blog post that accompanied the security update, core WordPress developers stated that WordPress 5.2.4 was a short-term release security. And, WordPress 5.3 version would be the next main release. This release is scheduled to happen on 12th November. Further, it has promised to have: new block APIs, updates about the Website Health, accessibility updates, and notable enhancements on the block editor.

Need help regarding WordPress Security issues? Consult best WordPress Security services by WordPress Support Agency!