The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure.
As with any security release, users should update immediately to the latest version to keep their sites secure.
For those with automatic updates enabled, the new version is already rolling out to sites. All major branches of WordPress from version 3.7 to 5.2 received the new security fixes. If automatic updates are not enabled, users should update from the “Updates” screen under “Dashboard” in the WordPress admin. Otherwise, users can download WordPress from the release archive and manually run an update to make sure their site is not exposed to what are now publicly known vulnerabilities.
In the release announcement, the following security issues were noted. They were corrected in all updated versions.
- Stored cross-site scripting (XSS) could be added from the Customizer screen.
- An issue that allowed stored XSS to inject JavaScript into `<style>` tags.
- A bug that allowed unauthenticated posts to be viewed.
- A method to use the `Vary: Origin` header to poison the cache of JSON `GET` requests (REST API).
- A server-side request forgery (SSRF) with how URLs are validated.
- Issues with referrer validation in the WordPress admin.
For developers who want to dive more into the code changes, the changeset is available on GitHub. Most changes should not affect plugins or themes. However, it is worth noting that the `static` query property was removed in this release. This removal affects both the `WP` and `WP_Query` classes. Developers should test their plugins against this version to make sure nothing is broken if their projects rely on this property. It is unlikely that many plugins rely on this query variable.
WordPress 5.2.4 also includes a couple of other bug fixes. One removes a line of code that makes an extra call to the `wp-sanitize.js` script in the script loader. The second fix addresses an issue where the directory path wasn’t normalized on Windows systems, which led to the `wp_validate_redirect()` function removing the domain. This fixes a bug created in WordPress 5.2.3.
Who Is the Best WordPress 5.2.4 Cloud Hosting?
Often overlooked, web hosting is one of the key components of every successful website. Choosing the best web hosting for your needs can improve your SEO and increase sales. There are various types of WordPress hosting options available, such as free, shared, VPS, dedicated, and managed WordPress hosting. In this guide, we will help you choose the best WordPress hosting for your website.
For the best affordable WordPress 5.2.4 cloud hosting for your websites, we recommend ASPHostPortal, the leading provider of Windows hosting and affordable WordPress 5.2.4 hosting. The price starts from $3.81 per month. For more information about WordPress 5.2.4 cloud hosting, please visit http://asphostportal.com/
Why Choose ASPHostPortal?
- Build Your Website – Use ASPHostPortal.com’s website building tools to get that special, customized look for your website. A nifty wizard will walk you through the process.
- All-inclusive prices, unbeatable value – Other companies promise cheap hosting, but then charge extra for setup fees, higher renewal rates, or promotional services. With ASPHostPortal.com, the listed price is the number you’ll pay, and you can expect a fully loaded, comprehensive suite of web services.
- Fast and Secure Server – ASPHostPortal’s powerful servers are specially optimized and ensure the best WordPress performance. They have the best data centers on three continents and unique account isolation for security.
- Easy to Use and Manage – ASPHostPortal.com web space explorer lets you manage your website files with a browser. A control panel lets you set up and control your server functions with ease.