WordPress 5.2.4 Release: Six Security Issues Addressed

On October 14th, the WordPress core developers released WordPress 5.2.4. This release addressed six security issues, which were seen as possible serious vulnerabilities. All six were reported privately through the WordPress responsible disclosure process.

As with other security releases, all WordPress users should update to the latest version without delay to keep their websites secure. If you have enabled automatic updates on your site, the new version has already started rolling out.

All main branches of WordPress, from version 3.7 through 5.2, have received these security fixes. If you have not enabled automatic updates, go to Dashboard >> Updates in your WordPress admin and run the update.

Alternatively, you can download WordPress 5.2.4 from the WordPress.org release archive and update manually, so that your website is no longer exposed to these vulnerabilities.

Updated security issues

These are the security issues noted in the release announcement. All of them were fixed in every updated version:

  • A server-side request forgery (SSRF) bug in the way URLs are validated.
  • Problems with referrer validation in the WordPress admin.
  • A bug that allowed unauthorized posts to be viewed.
  • A stored cross-site scripting (XSS) bug that could be added through the Customizer screen.
  • A stored XSS problem that allowed JavaScript to be inserted into <style> tags.
  • A cache poisoning problem involving the use of the Vary: Origin header on JSON GET requests.

Although no bug was flagged as critical, you should not skip this update. WordPress 5.2.3 and earlier versions are affected by these problems, so to resolve them you need to update to WordPress 5.2.4.
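To find installs that still need this update, the following added example (not code from WordPress or from the original article) reads `$wp_version` from each `wp-includes/version.php` under a directory and classifies it against 5.2.4. The function names and status labels are this example's own; the article gives no patched version numbers for the older branches, so those installs are only flagged for a manual check.

```python
import re
from pathlib import Path

FIXED = (5, 2, 4)               # release named in this article
OLDEST_PATCHED_BRANCH = (3, 7)  # article: branches 3.7 through 5.2 got the fixes

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '5.2.3';
_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_wp_version(php_source):
    """Return (major, minor, patch) from version.php text, or None if absent."""
    m = _VERSION_RE.search(php_source)
    if not m:
        return None
    # "5.2" means 5.2.0; suffixes such as "-RC1" are ignored
    nums = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", m.group(1))
    if not nums:
        return None
    return tuple(int(g or 0) for g in nums.groups())

def classify(version):
    """Map a parsed version to a status label (labels are this example's own)."""
    if version is None:
        return "unknown"
    branch = version[:2]
    if branch > FIXED[:2]:
        return "newer-branch"          # released after 5.2.x
    if branch == FIXED[:2]:
        return "patched" if version >= FIXED else "update-needed"
    if branch >= OLDEST_PATCHED_BRANCH:
        return "check-branch-release"  # fix exists, number not given in the article
    return "no-fix-listed"             # older than 3.7

def audit(root):
    """Return {install_dir: (version, status)} for every install under root."""
    results = {}
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        text = vf.read_text(encoding="utf-8", errors="replace")
        version = parse_wp_version(text)
        results[str(vf.parent.parent)] = (version, classify(version))
    return results

if __name__ == "__main__":
    import sys
    for site, (ver, status) in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{status:22} {ver} {site}")
```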

In a blog post that accompanied the security update, the core WordPress developers stated that WordPress 5.2.4 was a short-cycle security release and that WordPress 5.3 would be the next main release. That release is scheduled for 12th November.

It is promised to include new block APIs, updates to Website Health, accessibility updates, and notable enhancements to the block editor.

