Dissecting the WordPress 5.2.3 Update
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse these security releases, discover what security issue it is fixing and come up with a Proof of Concept for further internal testing.
Based on our analysis, none of the vulnerabilities fixed in this release are major. They all require some level of privileged-user interaction or access to high-privilege accounts.