WordPress 5.2.4 Security Release
WordPress 5.2.4 is now available! This security release fixes 6 security issues.
WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.
- Fixed an issue where stored XSS (cross-site scripting) could be added via the Customizer.
- Fixed a method of viewing unauthenticated posts.
- Fixed a method to poison the cache of JSON GET requests via the Vary: Origin header.
- Fixed a server-side request forgery in the way that URLs are validated.
- Fixed issues related to referrer validation in the admin.
WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.
You can download WordPress 5.2.4 or visit
Dashboard → Updates and click
Update Now. Sites that support automatic background updates have already started to update automatically.
Before updating anything on your WordPress website, making a backup is always a good practice.