WordPress 5.2.4 security update


On the evening of October 14, 2019, the updated version was released to the public WordPress 5.2.4.

Για να ενημερώσετε στην έκδοση WordPress 5.2.4, μπορείτε να το κάνετε αυτόματα από την διαδρομή Dashboard > Updates menu, ή επισκεφτείτε την διεύθυνση https://wordpress.org/download/release-archive/ to download the new version.WordPress

Από την ανακοίνωση της έκδοσης WordPress 5.2.4 βλέπουμε ότι όλες οι εκδόσεις 5.2, διέθεταν τα παρακάτω bugs, τα οποιά επιδιορθώθηκαν στην 5.2.4.

Software updates are also available for versions 5.1 or 3.7 for anyone not using the 5.2 version.

Vulnerabilities that the new version fixes:

Evan Ricafort discovered an XSS (cross-site scripting) problem that could work in Customizer.
JD Grimes discovered and mentioned a method that can be seen in unauthenticated posts.
Weston Ruter found an XSS with Javascript injected into style tags
David Newman discovered a method for poisoning the cache of JSON GET requests via the Vary: Origin header.
Eugene Kolodenker found a server-side request forgery
Ο Ben Bidner από την WordPress Security Team ανακάλυψε προβλήματα στο referrer validation του admin.

Those of you who want to upgrade manually, the files that were changed with the update are:

/wp-includes/class-wp.php /wp-includes/class-wp-query.php /wp-includes/functions.php /wp-includes/http.php /wp-includes/pluggable.php / wp-includes /rest-api.php

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news