
Die Blog und CMS Software WordPress, erhielt das Security Update 5.2.4. Das Update schließt 6 Sicherheitslücken und sollte umgehend installiert werden.
WordPress 5.2.4 Release Notes
- Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
- Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
- Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
- Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
- Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
- Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
Quelle: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/