In terms of security, WordPress 5.2.3 mainly patches cross-site scripting (XSS) vulnerabilities. Simon Scannell of RIPS Technologies discovered two of them, XSS bugs in post previews and in stored comments. Two other WordPress vulnerabilities (WordPress site getting redirected to another site) were disclosed by RIPS earlier this year, both of which can be abused for remote code execution. WordPress developers also credited Anshul Jain with a reflected XSS bug in media uploads, Fortinet's Zhouyuan Yang for XSS in shortcode previews, and NCC Group's Soroush Dalili for a URL sanitization issue that could result in XSS attacks. Ian Dunn of the WordPress core security team found a reflected XSS vulnerability in the dashboard.

The owners and administrators of WordPress sites were also informed that jQuery was updated on older versions of the CMS. Older jQuery versions had a flaw that allowed XSS attacks. Sites that support automatic updates may have been updated already. Site administrators whose sites do not update automatically can update manually from the Updates section of their WordPress dashboard.

While some attacks have leveraged flaws in WordPress itself, a large number of operations exploit vulnerabilities in popular plugins. Websites are often targeted by malicious actors.