Two former WordPress vulnerability ( wordpress locate whoop airt to another place ) have been expose to RIPS before this class , both of which can be practice for distant encrypt writ of execution . With affect to rubber , WordPress 5.2.3 chiefly fleck the vulnerability of sweep - internet site script ( XSS ) . website put up automatonlike update may have been update already . In the fascia , Ian Dunn of the gist security measures team up of WordPress bring out a muse XSS exposure . site decision maker who are not mechanically update can manually update their WordPress splashboard from the update division . network locate are oft target by malicious performer . The possessor and decision maker of WordPress site were also advise that jQuery was update to sometime CMS strain . Simon Scannell of RIPS Technologies uncover two of them , include XSS hemipterous insect in berth prevue and salt away comment . WordPress developer likewise credit Anshul Jain with a reflected XSS microbe for sensitive upload , Fortinet ’s Zhouyuan Yang for XSS shortcode prevue , and the NCC Group ’s Soroush Dalili for a uniform resource locator sanitation trouble that could outcome in XSS violate . late jQuery version make a defect that enable for XSS flack . While some attack have leverage WordPress flaw themselves , a major figure of activity feat vulnerability on commons plugins .