WordPress rolled out version 5.2.4 patching six vulnerabilities as a short-term fix prior to the release of version 5.3.
WordPress version 5.2.3 and earlier are affected by these bugs.
The problems covered included an issue where stored XSS could be added via the Customizer, a method of viewing unauthenticated posts, a way to create a stored XSS to inject Javascript into style tags, a method to poison the cache of JSON GET requests via the Vary: Origin header, a server-side request forgery in the way that URLs are validated and issues related to referrer validation in the admin area.
All of the vulnerabilities were discovered by outside researchers who privately disclosed them to WordPress. The updated version is now available here.
