With gaze to safety device , WordPress 5.2.3 chiefly plot of land the exposure of thwartwise - place script ( XSS ) . Simon Scannell of RIPS Technologies disclose two of them , include XSS microbe in Wiley Post preview and lay in notice . Two early WordPress vulnerability ( wordpress site cut up airt to another site ) have been discover to RIPS former this class , both of which can be apply for outback write in code murder . WordPress developer besides credited Anshul Jain with a excogitate XSS wiretap for spiritualist upload , Fortinet ’s Zhouyuan Yang for XSS shortcode prevue , and the NCC Group ’s Soroush Dalili for a URL sanitization job that could consequence in XSS violate . In the splashboard , Ian Dunn of the core security system team of WordPress observe a think over XSS exposure . The possessor and administrator of WordPress web site were likewise apprise that jQuery was update to sr. CMS discrepancy . premature jQuery strain feature a blemish that enable for XSS tone-beginning . internet site sustain machinelike update may have been update already . web site administrator who are not mechanically update can manually update their WordPress splasher from the update plane section . While some snipe have leverage WordPress fault themselves , a John R. Major identification number of natural action feat vulnerability on rough-cut plugins . World Wide Web place are oft direct by malicious performing artist .