WordPress 5.2.3 released, this version fixes six security holes and 29 questions, the official suggested that all WordPress users should upgrade to the latest version as soon as possible.
Fixed in version five XSS vulnerabilities and an open redirect vulnerabilities that are discovered by a third-party researchers, security fixes are as follows:
- RIPS technology company Simon Scannell found two problems: the first is cross-site scripting contributor in the post preview (XSS) vulnerabilities; the second is a review of the stored cross-site scripting vulnerability
- Tim Coen found a problem: URL validation and clean-up could lead to open redirects
- Anshul Jain discovered cross-site scripting vulnerability in the media upload process
- Short codes preview Zhouyuan Yang of Fortinet's FortiGuard Labs found in cross-site scripting (XSS) vulnerabilities
- Ian Dunn of the Core Security Team found a vulnerability reflected cross-site scripting in the dashboard
- Soroush Dalili from NCC discovery may lead to cross-site scripting (XSS) attack URL to clean up problem
Note: WordPress 5.2.3 requires PHP version greater than 5.6.20. There are also 29 bug fixes, see the complete list of release notes:
https://wordpress.org/support/wordpress-version/version-5-2-3/
download link: