WordPress 5.2.3 is now available!
This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.
If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you.
Notice: NullWebScripts.com, Is a Team of passionate Web Developers and Designers, Our Team goal is to improve our website's performance and usability, so that you could really get a great benefit from our website web materials. Also We share files under the terms of GPL (GNU General Public License) Which enables us to provide Premium WordPress Themes, Plugins, Blogger Templates, Sites Templates, Android Apps/Games & PHP Scripts for testing purposes only. We do promote WordPress and Bloggers Web Design Materials and Scripts to All users globally including you, downloading the latest material of your choice, This is for you to check the item before proceeding in buying any of the theme, plugin, php script, from the Original developer/designer. If the item fulfill your requirements and you’re satisfied with it then buy it from the Original Developer Website, through the Demo Link provided before the Download Link of every items Published on NullWebScripts Website Platform. for commercial use. We also want to inform you that, we do not host any of the files downloaded here, so it means that, this site only contains downloadable links from 3rd party sites by individual users which are freely available on all over the Internet.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
- Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
- Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
- Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
- Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
- Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
- In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
You can browse the full list of changes on Trac.
For more info, browse the full list of changes on Trac or check out the Version 5.2.3 documentation page.
WordPress 5.2.3 is a short-cycle maintenance release. The next major release will be version 5.3.
You can download WordPress 5.2.3 from the button at the top of this page, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.