A now available second maintenance release for PHP 5.3 fixes more than 60 bugs and closes several security holes which were already corrected in version 5.2.13. Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases. A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. CVE-2019-11043 is trivial to exploit and a proof of concept is available.
Source: https://threatpost.com/new-php-maintenance-release-fixes-60-bugs-030510/73637/