The developers of WordPress last week issued a short-cycle maintenance release for its content management system software, introducing 29 fixes and improvements.
The new version, 5.2.3, remedies six issues that can enable cross-site scripting (XSS) attacks. These include XSS flaws found in post previews, stored comments and shortcode previews, and another XSS vulnerability that results from improper URL sanitization. WordPress also disclosed two reflected XSS bugs: one that emerges during media uploads and another found in the dashboard.
The latest release also fixes an open redirect flaw that results from improper validation and sanitization.