WordPress 5.2.4 security update

On the night of October 14 2019, the WordPress 5.2.4 update was released to the public.

To update to WordPress 5.2.4, you can do so automatically from Dashboard> Updates menu, or visit https://wordpress.org/download/release-archive/ to download the new version.WordPress

From the announcement of the WordPress 5.2.4 release we see that all versions of 5.2 had the following bugs, which were fixed in 5.2.4.

Software updates are also available for versions 5.1 or 3.7 for anyone not using the 5.2 version.

Vulnerabilities that the new version fixes:

Evan Ricafort discovered an XSS (cross-site ) that could work in the Customizer.
JD Grimes discovered and mentioned a method that can be seen in unauthenticated posts.
Weston Ruter found an XSS with Javascript injected into style tags
David Newman discovered a method to poison the cache of JSON GET requests via Vary:Origin .
Ο Kolodenker found a server-side request forgery
Ben Bidner from the WordPress Security Team discovered issues with the admin referrer validation.

For those of you who want to upgrade manually, the that changed with the update are:

/wp-includes/class-wp.php /wp-includes/class-wp-query.php /wp-includes/functions.php /wp-includes/http.php /wp-includes/pluggable.php / wp-includes /rest-api.php

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.082 registrants.

wordpress

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).