WordPress developers released a security and maintenance version 5.2.3 that includes 29 fixes, several enhancements and security patches.
These flaws affect the versions 5.2.2 and earlier of the popular CMS.
Most of the security flaws addressed with the release of the version 5.2.3 are cross-site scripting (XSS) issues.
The development team credited Simon Scannell of RIPS Technologies for two of the flaws addressed with the new version.
“This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes” reads the security advisory published by WordPress.
“These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.”
In March, RIPS disclosed two XSS flaws, a first one affecting post previews by contributors, the second one in stored comments. RIPS experts also reported other flaws that can be exploited for remote code execution.
The first one was a CSRF vulnerability in WordPress reported by Simon Scannell that could potentially lead to remote code execution attacks. The other issue disclosed by RIPS Technologies is a critical remote code execution vulnerability in versions of WordPress prior
5.0.3, that remained uncovered for 6 years.
The flaw could be exploited by an attacker who gains access to an account with at least ‘
WordPress credited Tim Coen for disclosing an issue where validation and
The security advisory is also informing
The change aims at protecting WordPress users from XSS attacks exploiting a flaw in previous versions of
As usual, websites that support automatic updates may have already been updated. The administrators of websites for some reasons have disabled automatic updates can do it from the Updates section of their WordPress dashboard.
(SecurityAffairs – Security, XSS)