Open Source WordPress 3.5.2 Updated for Security Issues

2 July 2013


Liverpool: In recent years, the open source WordPress content management platform has emerged as the apparent dominant player in the web CMS space.

WordPress 3.5.2 is a maintenance and security release that fixes numerous issues in the blogging software. The development team strongly recommends that site admins and webmasters update their blogs to the new version immediately.

As far as security fixes are concerned, the following have been resolved in WordPress 3.5.2:

  • Blocking server-side request forgery attacks that could give attackers access to the site
  • Contributors can no longer publish posts improperly
  • An update to the SWFUpload library that fixes several cross-site scripting vulnerabilities
  • Blocking denial of service attacks against sites that use password protected posts
  • An update to TinyMCE fixing a cross-site scripting vulnerability
  • Multiple cross-site scripting vulnerability fixes
  • The full file path is no longer disclosed when an upload fails

Another 12 maintenance-related issues have been fixed in the new release.


Top of the list are “Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site” and multiple fixes for cross-site scripting.

Cross-Site Scripting (XSS) attacks have long been among the top attack vectors, so it's great to see swift action from WordPress in fixing these flaws.

If you are already running a WordPress 3.5.x site, you can update your site easily from the dashboard, which is something you must do NOW.

You can check the 12 issues on the WordPress tracker.

