WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues.

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

Security Updates

  • Fixed an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Fixed a method of viewing unauthenticated posts.
  • Fixed a way to create a stored XSS to inject JavaScript into style tags.
  • Fixed a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Fixed a server-side request forgery in the way that URLs are validated.
  • Fixed issues related to referrer validation in the admin.

WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.

You can download WordPress 5.2.4 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

Before updating anything on your WordPress website, it is always good practice to make a backup.