The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure.
Like any security release, users should update immediately to the latest version to keep their sites secure.
For those with automatic updates enabled, the new version is already rolling out to sites. All major branches of WordPress from version 3.7 to 5.2 received the new security fixes. If automatic updates are not enabled, users should update from the “Updates” screen under “Dashboard” in the WordPress admin. Otherwise, users can download WordPress from the release archive and manually run an update to make sure their site is not at risk to what are now publicly-known vulnerabilities.
In the release announcement, the following security issues were noted. They were corrected in all updated versions.
- Stored cross-site scripting (XSS) could be added from the Customizer screen.
- An issue that allowed stored XSS to inject JavaScript into
<style>tags. - A bug that allowed unauthenticated posts to be viewed.
- A method to use the
Vary: Originheader to poison the cache of JSONGETrequests (REST API). - A server-side request forgery (SSRF) with how URLs are validated.
- Issues with referrer validation in the WordPress admin.
For developers who want to dive more into the code changes, the changeset is available on GitHub. Most changes should not affect plugins or themes. However, it is worth noting that the static query property was removed in this release. This removal affects both the WP and WP_Query classes. Developers should test their plugins against this version to make sure nothing is broken if their projects rely on this property. It is unlikely that many plugins rely on this query variable.
WordPress 5.2.4 also includes a couple of other bug fixes. One removes a line of code that makes an extra call to the wp-sanitize.js script in the script loader. The second fix addresses an issue where the directory path wasn’t normalized on Windows systems, which led to the wp_validate_redirect() function removing the domain. This fixes a bug created in WordPress 5.2.3.
Best and Cheap WordPress 5.2.4 Hosting
The hosting provider that we mean is ASPHostPortal. Who and why ASPHostPortal? ASPHostPortal is one of the best web hosting in the world. Founded in 2008, this company managed by a strong team of web hosting experts. Here are several reasons why you can choose them as your WordPress hosting partner. To make it clear, we have worked out a comprehensive review of the feature, performance, customer service and pricing of this service.
Respected By The WordPress Community
ASPHostPortal is well-respected in the WordPress community, especially for their quick, helpful support. All hosting companies have good and bad customer experiences on the web review, but if you look at ASPHostPortal’s review mentions the majority of feedback is positive.
From HostingAdvice (https://hostadvice.com/hosting-company/asphostportal-com-reviews/)
From WHTOP (https://www.whtop.com/review/asphostportal.com)
From Trustpilot (https://www.trustpilot.com/review/asphostportal.com)
Engineered For Speed
ASPHostPortal shared hosting ($3.81/month) is good. The speed depends on which plan you choose but each one comes with top-notch hardware, CDN, SuperCacher, and software for it’s a tier. ASPHostPortal also makes constant updates to improve speed – allowing customer sites to load even faster. This is our test result from GTMetrix, the loaded time is 0.7 second only.
Best Support In The Industry
With ASPHostPortal’s support system we have always been able to reach someone within minutes whether it be through 24/7 ticket. That’s because ASPHostPortal is a people-focused company who won’t make you wait around listening to bad elevator music. Their team is so helpful and will honestly bend over backward to make sure your issues are resolved. And they won’t tell you “it’s not a hosting-related problem” like other hosting companies.
Top-Notch Security
Not only will your site be protected through auto-updates, daily backups, and server protection, but ASPHostPortal also releases their own patches when there’s a widespread security vulnerability (with WordPress, or even a specific WordPress plugin). They’re both proactive AND reactive which is good because WordPress sites have become prime targets.
ASPHostPortal WordPress Hosting Plans
Whether you’re on a $3.81/month budget or you need a $12.99/month dedicated server, there’s a plan for everyone. I mentioned this already but I use their plan and my WordPress site loads in under 1 second.
Conclusion – ASPHostPortal Is Awesome For WordPress Hosting
Between their hosting and tech support, ASPHostPortal is a clear winner. I don’t write many articles on the other hosting companies because ASPHostPortal is in my opinion, the best. I do WordPress SEO and speed optimization for a living so I’ve been through a lot of hosts – and I’m just glad I found one who I can stick with and keep my website blazing fast.
