Wordpress Logo

WordPress 5.2.4 Security Release

Die Blog und CMS Software WordPress, erhielt das Security Update 5.2.4. Das Update schließt 6 Sicherheitslücken und sollte umgehend installiert werden.

WordPress 5.2.4 Release Notes

  • Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
  • Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
  • Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

Quelle: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.