The most popular CMS, WordPress, is out with its latest update, 5.2.3, which is mainly a security update before it upgrades to 5.3 later this year. WordPress announced in a blog post that this security update has 29 fixes!
Overall it has plenty of enhancements and fixes for a better experience. Therefore, if you see this notification on your WordPress Dashboard, have your WordPress developer update your version.
One of the vulnerabilities that it fixed is cross-site scripting (XSS) in post previews and comments. According to our head of WordPress, this leaves your site exposed to attacks and you should immediately look into updating.
If you use WordPress daily, you might know that media uploads, shortcode previews, and the dashboard had cross-site scripting issues as well. A problem with URL sanitization could also lead to cross-site scripting attacks.
Apart from XSS, there was also a problem in the validation and sanitization of URLs that could lead to an open redirect.
In its post, WordPress thanked and acknowledged the people who brought these vulnerabilities to its attention in the first place.
Security patch updates are the most crucial updates for any type of software, from apps to content management systems. And just like the people who pointed out the vulnerabilities in WordPress, many developers and even users bring such things to the attention of software companies as a public service.
This will be the last update for WordPress 5.2, as WordPress 5.3 is slated to arrive in November this year. It begins beta testing as early as the end of this month.
Older software can expose your website to hackers who can get access to your backend, your payment module, and even your users’ sensitive information.
If you are using an older version of the CMS, now is the perfect time to update to the latest version to safeguard your site from being exposed to attacks. When you log into your account, there will be an update notification at the top. And if you have a high-traffic website, we would suggest you run the WordPress 5.2.3 update on staging, let your QA team do what they do best, and then put it into production.
We would like to thank the people who bring these vulnerabilities to light, which limits the damage to the WordPress community.
Also, we are anticipating a detailed release of these vulnerabilities by researchers. This means hackers will have full information on how to exploit these shortcomings, which puts your website at greater risk. Hence, our only advice would be to get right on the updates.
Biztech Consulting & Solutions is a decade old company providing innovative digital IT solutions to SMEs and enterprises globally. We provide secure customized WordPress solutions aligned with the latest technological developments.