WordPress 5.2.4 Security Release

WordPress 5.2.4 was released on 14 October 2019.

WordPress 5.2.4 is a security release which addresses six security issues and two bugs.

As with any security release – it’s important that you update immediately.

What does it fix?

Security issues fixed in the WordPress 5.2.4 Security Release:

  • a bug that allowed the theme Customizer to store XSS (cross-site scripting)
  • a bug that allowed viewing unauthenticated posts
  • a bug that allowed XSS to inject JavaScript into style tags
  • a bug that provided a way to poison the cache of JSON GET requests via the Vary: Origin header
  • server-side request forgery in the way that URLs are validated
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin

Bugs fixed:

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.