WordPress update fixes assortment of XSS flaws

News by Bradley Barth

The developers of WordPress have issued a short-cycle maintenance release for its content management system software, introducing 29 fixes and improvements.

The new version, 5.2.3, remedies six issues that can enable cross-site scripting (XSS) attacks. These include XSS flaws found in post previews, stored comments and shortcode previews, and another XSS vulnerability that results from improper URL sanitisation. WordPress also disclosed two reflected XSS bugs: one that emerges during media uploads and another found in the dashboard.

The latest release also fixes an open redirect flaw that results from improper validation and sanitisation.

In their security notification, WordPress developers note that they have additionally updated earlier versions of their CMS software to fix various bugs and update the jQuery JavaScript library.

This article was originally published on SC Media US.
