The developers of WordPress last week issued a short-cycle maintenance release for its content management system software, introducing 29 fixes and improvements.
The new version, 5.2.3, remedies six issues that can enable cross-site scripting (XSS) attacks. These include XSS flaws found in post previews, stored comments and shortcode previews, and another XSS vulnerability that results from improper URL sanitization. WordPress also disclosed two reflected XSS bugs: one that emerges during media uploads and another found in the dashboard.
The latest release also fixes an open redirect flaw that results from improper validation and sanitization.
In their security notification, WordPress developers note that they have additionally updated earlier versions of their CMS software to fix various bugs and update the iQuery JavaScript library.
Gloss