On June 10, 2020, WordPress 5.2.7 was released to the public.
To download WordPress 5.2.7, visit WordPress releases archive.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Five security issues affect WordPress versions 5.4 and earlier.
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect()
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation
- Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions
One maintenance update was exceptionally backported from 5.4.2 to older branches:
- 49956 – Spammers able to share unmoderated comments (see dev note below)
wp-admin/themes.php wp-admin/includes/misc.php wp-admin/includes/media.php wp-includes/class-walker-comment.php wp-includes/class-wp-comment-query.php wp-includes/comment-template.php wp-includes/comment.php wp-includes/default-filters.php wp-includes/embed.php wp-includes/pluggable.php wp-includes/version.php package-lock.json package.json wp-comments-post.php
@wordpress/block-library: 2.4.7 @wordpress/edit-post: 3.3.7