
New Security Fixes Arrive in WordPress 5.2.4 Update

Farhan Ayub — October 16, 2019

WordPress 5.2.4 is now available, and the release includes 6 security fixes. All of the vulnerabilities were reported by members of the WordPress community, following the standard practice of privately disclosing security problems to the WordPress core development team.

Earlier versions of WordPress, from 3.7 to 5.2, have all received the following fixes in the 5.2.4 release:

  1. An issue where stored XSS (cross-site scripting) could be added via the Customizer screen
  2. A bug that allowed unauthenticated posts to be viewed
  3. An issue that let stored XSS inject JavaScript into <style> tags
  4. A method of using the Vary: Origin header to poison the cache of JSON GET requests
  5. A server-side request forgery (SSRF) in the way that URLs are validated
  6. Issues related to referrer validation in the admin
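Item 4 turns on how a shared cache handles responses that differ by the request's Origin header. The following is an added illustration, not code from the original post or from WordPress: a general toy model in which the handler, cache class, path and origins are all constructed, showing that a cache only separates entries per origin when the response carries Vary: Origin.

```python
# Added illustration: a toy shared cache in front of a JSON GET endpoint that
# reflects the request Origin into Access-Control-Allow-Origin (ACAO).
# Every name, path and origin below is constructed for this example.

def origin_server(path, origin, send_vary):
    """Hypothetical JSON handler whose CORS header depends on the request Origin."""
    headers = {"Content-Type": "application/json"}
    if origin:
        headers["Access-Control-Allow-Origin"] = origin
    if send_vary:
        headers["Vary"] = "Origin"  # tells caches the response differs per Origin
    return {"headers": headers, "body": '{"path": "%s"}' % path}


class SharedCache:
    """Minimal HTTP cache: keys on the path plus request headers named in Vary."""

    def __init__(self, backend):
        self.backend = backend
        self.vary_for = {}  # path -> request header names learned from Vary
        self.store = {}     # cache key -> stored response

    def _key(self, path, req_headers):
        names = self.vary_for.get(path, [])
        return (path,) + tuple(req_headers.get(n, "") for n in names)

    def get(self, path, req_headers):
        key = self._key(path, req_headers)
        if key in self.store:
            return self.store[key]  # cache hit: backend is not consulted
        resp = self.backend(path, req_headers.get("Origin"))
        vary = resp["headers"].get("Vary", "")
        self.vary_for[path] = [h.strip() for h in vary.split(",") if h.strip()]
        self.store[self._key(path, req_headers)] = resp
        return resp


def acao_seen_by_second_origin(send_vary):
    """Origin A requests first; return the ACAO header that origin B then receives."""
    cache = SharedCache(lambda p, o: origin_server(p, o, send_vary))
    cache.get("/wp-json/demo", {"Origin": "https://a.example"})
    resp = cache.get("/wp-json/demo", {"Origin": "https://b.example"})
    return resp["headers"]["Access-Control-Allow-Origin"]


if __name__ == "__main__":
    print("without Vary:", acao_seen_by_second_origin(False))
    print("with Vary:   ", acao_seen_by_second_origin(True))
```

Without the Vary header, the second origin is served the entry cached for the first; with it, each origin gets its own cache entry.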

The code changes are in the following files:

  • /wp-includes/class-wp.php
  • /wp-includes/class-wp-query.php
  • /wp-includes/functions.php
  • /wp-includes/http.php
  • /wp-includes/pluggable.php
  • /wp-includes/rest-api.php

Those who want to dive into the code can find the complete code changes on GitHub.

This version is fully focused on security fixes. However, the release also introduces some other changes, such as in the script loader, where this line of code was removed:

It was removed since the code above makes an extra call to wp-sanitize.js.

Secondly, some lines of code have been added to the pluggable and redirect scripts to normalize Windows paths when validating the location for relative URLs.

If automatic updates are enabled on your WordPress site, this version may already be installed. If not, you can install it by going to Dashboard > Updates > Update Now in your site’s admin area. Another way is to download WordPress from the release archive. WordPress 5.2.4 is a short-cycle security release, with the next major release being version 5.3.

For more WordPress updates and news, follow us on Twitter & Facebook.


      Farhan is a community manager at WPblog. He loves to work with WordPress and has a passion for web development. Mostly, he spends his time interacting with the people in the WordPress community. Apart from his work life, Farhan spends his time gaming and playing sports. Feel free to contact him at Farhan[at]wpblog.com.
