WordPress 5.2.4 Release: Six Security Issues Addressed
On October 14th, the core WordPress developers released WordPress version 5.2.4. The release addresses six WordPress security issues, each a potentially severe CVE (Common Vulnerabilities and Exposures) entry. All six were reported privately through the WordPress responsible disclosure process.
As with other WordPress security releases, all WordPress users should update to the new version without delay to keep their websites secure. If you have enabled automatic updates on your site, the new version has already started rolling out.
All maintained branches of WordPress, from version 3.7 through 5.2, have received these security fixes. If you have not enabled automatic updates, go to your WordPress admin Dashboard >> Updates and run the update.
Alternatively, you can download WordPress version 5.2.4 from the WordPress.org release archive and update manually to ensure your website is free from the risk of potential
In this blog, we will cover:
- What is WordPress?
- WordPress 5.2.4 Release
- WordPress 5.2.4 Security Release Breakdown
- What is the latest version of WordPress?
What is WordPress?
WordPress is a free, open-source content management system written in PHP and backed by a MySQL or MariaDB database. It combines the database, a set of core files, and an admin dashboard that lets you manage the whole site.
WordPress 5.2.4 Release
WordPress 5.2.4 is a short-cycle security and maintenance release that fixes six security issues. These are the issues listed in the WordPress 5.2.4 release announcement; all of them are fixed in every branch that received the update:
- A server-side request forgery (SSRF) bug in the way URLs are validated.
- Problems with referrer validation in the WordPress admin.
- A bug that allowed posts to be viewed without authorization.
- A stored cross-site scripting (XSS) bug in the customizer.
- A stored XSS issue that allowed JavaScript to be inserted into <style> tags.
- A cache-poisoning issue involving the Vary: Origin header on JSON GET requests.
WordPress 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Remember that this security update fixes only these specific vulnerabilities and bugs.
WordPress 5.2.4 Security Release Breakdown
1. Server-Side Request Forgery (SSRF) in URL Validation
SSRF is a vulnerability in which an attacker induces a server-side HTTP client to make requests on the attacker's behalf. The attacker can thereby reach services on the web server's Local Area Network (LAN), as well as other services and websites on the Internet, from the server's own network position. This vulnerability has been fixed in the WordPress 5.2.4 security release.
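As an added illustration of the kind of URL validation such a fix hardens (example code, not WordPress's own wp_http_validate_url), the validator below accepts only http(s) URLs whose host resolves to a public address and rejects loopback, private, link-local and other reserved ranges. The resolver is injectable so the check can be exercised offline against a constructed name-to-address map; host names such as wp.example.com are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_host(host):
    """Default resolver: every address (IPv4 and IPv6) the host name maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_url(url, resolver=resolve_host):
    """Return (ok, reason) for a URL a server-side fetcher is about to request.

    `resolver` defaults to real DNS; tests pass a constructed map instead.
    A caller should also connect to the vetted address rather than re-resolving
    the name, so a later DNS answer cannot swap in an internal address.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        addresses = resolver(host)
    except (OSError, ValueError):  # socket.gaierror is an OSError
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # is_global is False for loopback, RFC 1918, link-local (including the
        # 169.254.0.0/16 range), documentation, multicast and reserved space.
        if not ip.is_global:
            return False, f"{addr} is not a public address"
    return True, "ok"
```

Every address the name resolves to is checked, so a name that maps to one public and one internal address is rejected rather than fetched.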
2. Validation of Referrer in the WordPress Admin
This affects the check_admin_referer WordPress function. As stated in the official WordPress statement, ‘this vulnerability makes sure that a user was referred from another admin page.’
3. Unauthorized posts get viewed
This vulnerability allowed unauthenticated users to view your private or draft posts. It has been fixed in the WordPress 5.2.4 release.
4. Stored Cross-site scripting (XSS) bug in the customizer
This vulnerability allowed unauthenticated users to make changes to the WordPress theme and directly customize the interface. It has been fixed in the WordPress 5.2.4 release.
5. Stored XSS in Style tags
This vulnerability affects HTML style tags, which are used to embed CSS in an HTML document. It has been fixed in WordPress 5.2.4.
6. JSON Request Cache Poisoning
This is a cache-poisoning issue involving the Vary: Origin header on JSON GET requests. It relates to Cross-Origin Resource Sharing (CORS) and how Content Delivery Networks (CDNs) treat the CORS Origin HTTP request header: when a response's Access-Control-Allow-Origin header depends on the request's Origin but the response does not declare Vary: Origin, a shared cache may store it under the URL alone and replay it, with the wrong CORS header, to requests from other origins.
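The following added example (not WordPress code) simulates that failure with a toy shared cache in front of a JSON endpoint that echoes an allowed Origin back in Access-Control-Allow-Origin. The origins app.example and partner.example and the REST route are constructed for the demo; the only difference between the poisoned and the correct run is whether the endpoint sends Vary: Origin.

```python
ALLOWED_ORIGINS = {"https://app.example", "https://partner.example"}
API_URL = "/wp-json/wp/v2/posts"  # constructed REST route for the demo


def header(headers, name):
    """Case-insensitive header lookup; '' when the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")


def origin_server(request, send_vary):
    """Constructed JSON GET handler: echoes an allowed Origin in the CORS header."""
    headers = {"Content-Type": "application/json"}
    origin = header(request["headers"], "Origin")
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
    if send_vary:
        headers["Vary"] = "Origin"  # tells caches the body/headers depend on Origin
    return {"headers": headers, "body": '{"ok": true}'}


class SharedCache:
    """Toy CDN: an entry is reused only if the request headers named in the
    cached response's Vary header match the original request's values."""

    def __init__(self, backend):
        self.backend, self.store = backend, []

    def get(self, request):
        for url, varied, resp in self.store:
            if url == request["url"] and all(
                header(request["headers"], n) == v for n, v in varied
            ):
                return resp  # cache hit: replayed unchanged to this requester
        resp = self.backend(request)
        vary = header(resp["headers"], "Vary")
        names = [n.strip() for n in vary.split(",") if n.strip()]
        varied = tuple((n, header(request["headers"], n)) for n in names)
        self.store.append((request["url"], varied, resp))
        return resp


def acao_seen_by(origin, send_vary):
    """CORS header a second visitor receives after app.example primed the cache.
    `origin` of None models a plain same-site request with no Origin header."""
    cache = SharedCache(lambda req: origin_server(req, send_vary))
    cache.get({"url": API_URL, "headers": {"Origin": "https://app.example"}})
    headers = {"Origin": origin} if origin else {}
    resp = cache.get({"url": API_URL, "headers": headers})
    return resp["headers"].get("Access-Control-Allow-Origin")
```

Without Vary: Origin the cache key is the URL alone, so partner.example and even a request with no Origin header receive the entry computed for app.example; with it, each origin is keyed separately.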
What is the latest version of WordPress?
WordPress 5.8 Tatum is the latest version of WordPress. It consists of complete site editing, WebP Images, Global Styles and Settings, and much more.
WordPress is ever-evolving software with regularly released new features, maintenance updates and security fixes. These updates keep the WordPress system safe and efficient.
If you’re running a WordPress website, you must update to the latest WordPress version to ensure you have the latest features, protection, and performance enhancements.
Although no bug is flagged as critical, you should not ignore the update for the sake of your security. WordPress 5.2.3 and earlier versions are affected by the problems described above, so to resolve them you need to update to WordPress version 5.2.4. You can download WordPress 5.2.4 from WordPress.org or visit Dashboard → Updates and click Update now.
In a blog post that accompanied the security update, the core WordPress developers stated that WordPress 5.2.4 was a short-cycle security release and that WordPress 5.3 would be the next major release, scheduled for November 12th. It is expected to include new block APIs, Site Health updates, accessibility updates, and notable enhancements to the block editor.
Helpbot is a WordPress support agency that provides proactive WordPress website maintenance and professional WordPress support services to website owners from different business niches. Get 24×7 WordPress support for fixing common WordPress errors.