Die Blog und CMS Software WordPress, erhielt das Security Update 5.2.4. Das Update schließt 6 Sicherheitslücken und sollte umgehend installiert werden.

WordPress 5.2.4 Release Notes

• Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
• Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
• Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
• Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
• Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
• Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

Quelle: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/