WordPress 5.2.4 is now available! This security release fixes 6 security issues.
WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.
The following security vulnerabilities have been detected and addressed in this release:
Type: Maintenance work
Category: Advanced infrastructure
Start: October 16, 2019 3:00 AM CEST
End: October 16, 2019 3:05 AM CESTIn the above mentioned period maintenance on our European data-center will be performed. During this maintenance, the affected servers and the websites hosted accounts on them will not be available for about five minutes.
AltaGrade clients who have their projects hosted on Germany-based AltaGrade servers.
Project: Maxlength
Date: 2019-October-09
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site ScriptingThis module enables you to set a maximum length allowed on text fields and indicate how many characters are left.
The module doesn't sufficiently filter strings leading to a Cross Site Scripting (XSS) vulnerability.
Project: Localization update
Date: 2019-October-02
Security risk: Moderately critical 10∕25
Vulnerability: Insecure server configurationThis module enables you to automatically download and update the site's interface translation by fetching them from localize.drupal.org or any other Localization server.
Project: Simple AMP (Accelerated Mobile Pages)
Date: 2019-October-02
Security risk: Moderately critical 13∕25
Vulnerability: Access bypassThis module allows display of a site's content in AMP format.
The module doesn't sufficiently check access on unpublished or restricted content.
Install the latest version of the module.
Project: Gutenberg
Date: 2019-September-25
Security risk: Critical 16∕25
Vulnerability: Access bypassThis module provides a new UI experience for node editing - Gutenberg editor.
The routes used by the Gutenberg editor lack proper permissions allowing untrusted users to view and modify some content they should not be able to view or modify.
Install the latest version:
Project: Permissions by Term
Version: 8.x-1.x-dev
Date: 2019-September-25
Security risk: Moderately critical 14∕25
Vulnerability: Access bypass
This module enables you to control access to content based on taxonomy terms. The module doesn't sufficiently check if a given entity should be access controlled, defaulting to allowing access even to unpublished nodes.
The vulnerability is mitigated by the fact that the submodule Permissions by Entity must also be enabled.
Install the latest version:
Project: TableField
Version: 8.x-2.x-dev
Date: 2019-September-18
Security risk: Moderately critical 12∕25
Vulnerability: Access bypassThis module allows you to attach tabular data to an entity.
There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities.
According to the Public Service Advisory PSA-2011-002 - External libraries and plugins Drupal Security team has released an advisory today with regard to an exploit found in the third party library.
WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.
If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you.
Security Updates