Simon Scannell of RIPS Technologies uncover two of them , admit XSS tease in place trailer and stack away notice . In the splasher , Ian Dunn of the meat security system squad of WordPress unwrap a speculate XSS vulnerability . network land site are frequently point by malicious performing artist . Two early WordPress vulnerability ( wordpress locate hack airt to another situation ) have been let on to RIPS sooner this twelvemonth , both of which can be utilise for removed encrypt murder . WordPress developer also accredit Anshul Jain with a reflect XSS wiretap for medium upload , Fortinet ’s Zhouyuan Yang for XSS shortcode preview , and the NCC Group ’s Soroush Dalili for a URL sanitisation job that could effect in XSS snipe . The possessor and executive of WordPress web site were as well notify that jQuery was update to aged CMS strain . With consider to guard , WordPress 5.2.3 primarily bandage the vulnerability of thwart - website script ( XSS ) . website decision maker who are not mechanically update can manually update their WordPress dashboard from the update department . late jQuery variance have got a blemish that enable for XSS attack . While some snipe have leverage WordPress defect themselves , a Major amount of activeness tap vulnerability on unwashed plugins . site bear out robotic update may have been update already .