WordPress has just released core version 5.2.4, which brings updates and fixes for recently reported issues. The release addresses six security issues, all privately reported through WordPress’ responsible disclosure procedure. For those who have automatic updates enabled, the new version is already available. Others can check the “Updates” screen under “Dashboard” in the WordPress admin. Users can also manually download the new version from the release archive.
- Cross-site scripting (XSS) that could be added from the Customizer screen.
- An issue that permitted unauthenticated posts to be viewed.
- A method of using the Vary: Origin header to poison the cache of JSON GET requests (REST API).
- A server-side request forgery (SSRF) in how URLs are validated.
- Issues with referrer validation in the WordPress admin.
This upgrade also includes some bug fixes. One removes a line of code that led to an extra call to the wp-sanitize.js script in the script loader. Another fixes the directory path not being normalized on Windows systems, which led to the wp_validate_redirect() function removing the domain. This bug was introduced in 5.2.3 and has now been resolved.
To upgrade from your previous version to WordPress 5.2.4, download it from https://wordpress.org/wordpress-5.2.4.zip