Liverpool: In recent years, the open source WordPress content management platform has appeared to become the dominant player in the web CMS space.
WordPress 3.5.2 is a maintenance and security release that fixes numerous issues in the blogging software. The development team strongly recommends that site admins and webmasters update their blogs to the new version immediately.
As far as security fixes are concerned, the following have been resolved in WordPress 3.5.2:
- Server-side request forgery attacks that could provide attackers with access to the site
- Contributors can no longer publish posts improperly
- The SWFUpload library has been updated to fix several cross-site scripting vulnerabilities
- Blocking denial of service attacks against sites that use password protected posts
- An update to TinyMCE fixing a cross-site scripting vulnerability
- Multiple cross-site scripting vulnerability fixes
- Full path not disclosed when uploads fail
Another 12 maintenance-related issues have been fixed in the new release.
Top of the list are “Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site” and multiple fixes for cross-site scripting.
Cross-Site Scripting (XSS) attacks have long been among the top attack vectors, so it's great to see swift action from WordPress in fixing these flaws.
If you are already running a WordPress 3.5.x site, you can update your site easily from the dashboard – which is something you must do – NOW.
You can review the 12 flaws on the WordPress tracker.