The developers of WordPress have issued a short-cycle maintenance release for its content management system software, introducing 29 fixes and improvements.
The new version, 5.2.3, remedies six issues that can enable cross-site scripting (XSS) attacks. These include XSS flaws found in post previews, stored comments and shortcode previews, and another XSS vulnerability that results from improper URL sanitisation. WordPress also disclosed two reflected XSS bugs: one that emerges during media uploads and another found in the dashboard.
The latest release also fixes an open redirect flaw that results from improper validation and sanitisation.
This article was originally published on SC Media US.