WordPress version 5.2.4 security release fixes 6 security issues that affect earlier versions of 5.2.3.
- An issue where stored XSS (cross-site scripting) could be added via the Customizer screen.
- A bug through which you can easily view unauthenticated posts.
- A method using Vary: Origin header to poison the cache of JSON GET requests.
- A server-side request forgery(SSRF) in the way that URLs are validated.
- Issues related to referrer validation in the admin.
WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.
You can download WordPress 5.2.4 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.
Log in to cPanel ⇒ go to the SOFTACULOUS APPS INSTALLER section of the cPanel home screen ⇒ click any of the options under Categories. In the icon list at the top right, ⇒ click the icon (All Installations icon) ⇒ Locate the application that you want to update ⇒ and click the icon (Upgrade icon).