WordPress developers released a security and maintenance version 5.2.3 that includes 29 fixes, several enhancements and security patches.
These flaws affect the versions 5.2.2 and earlier of the popular CMS.
Most of the security flaws addressed with the release of the version 5.2.3 are cross-site scripting (XSS) issues.
The development team credited Simon Scannell of RIPS Technologies for two of the flaws addressed with the new version.
“This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes” reads the security advisory published by WordPress.
“These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.”
In March, RIPS disclosed two XSS flaws, a first one affecting post previews by contributors, the second one in stored comments. RIPS experts also reported other flaws that can be exploited for remote code execution.
The first one was a CSRF vulnerability in WordPress reported by Simon Scannell that could potentially lead to remote code execution attacks. The other issue disclosed by RIPS Technologies is a critical remote code execution vulnerability in versions of WordPress prior
5.0.3, that remained uncovered for 6 years.
The flaw could be exploited by an attacker who gains access to an account with at least ‘
WordPress credited Tim Coen for disclosing an issue where validation and
The security advisory is also informing
The change aims at protecting WordPress users from XSS attacks exploiting a flaw in previous versions of
As usual, websites that support automatic updates may have already been updated. The administrators of websites for some reasons have disabled automatic updates can do it from the Updates section of their WordPress dashboard.
(SecurityAffairs – Security, XSS)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.