WordPress 3.5.2 Security Update Released

WordPress 3.5.2 Security Update Released

WordPress is getting more and more stronger. WordPress 3.5.2 Security Update is just released! Its a highly recommended update. They have fixed 12 bugs related to security.

Security Fixes Provided By WordPress:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.

List of Files Modified In This Update:

  • readme.html
  • wp-admin/includes/media.php
  • wp-admin/includes/class-wp-importer.php
  • wp-admin/includes/file.php
  • wp-admin/includes/post.php
  • wp-admin/includes/upgrade.php
  • wp-admin/includes/schema.php
  • wp-admin/includes/class-wp-upgrader.php
  • wp-admin/includes/update-core.php
  • wp-admin/update.php
  • wp-admin/about.php
  • wp-admin/edit-form-advanced.php
  • wp-login.php
  • wp-includes/class-wp-xmlrpc-server.php
  • wp-includes/rss.php
  • wp-includes/functions.php
  • wp-includes/formatting.php
  • wp-includes/post.php
  • wp-includes/media-template.php
  • wp-includes/deprecated.php
  • wp-includes/wp-db.php
  • wp-includes/user.php
  • wp-includes/class-wp-admin-bar.php
  • wp-includes/version.php
  • wp-includes/class-phpass.php
  • wp-includes/comment.php
  • wp-includes/pluggable.php
  • wp-includes/class-feed.php
  • wp-includes/script-loader.php
  • wp-includes/class-http.php
  • wp-includes/js/media-editor.min.js
  • wp-includes/js/swfupload/swfupload-all.js
  • wp-includes/js/swfupload/handlers.js
  • wp-includes/js/swfupload/handlers.min.js
  • wp-includes/js/swfupload/swfupload.swf
  • wp-includes/js/plupload/handlers.js
  • wp-includes/js/plupload/handlers.min.js
  • wp-includes/js/tinymce/wp-tinymce.js.gz
  • wp-includes/js/tinymce/plugins/media/moxieplayer.swf
  • wp-includes/js/tinymce/tiny_mce.js
  • wp-includes/js/media-editor.js
  • wp-includes/class-oembed.php
  • wp-includes/post-template.php
  • wp-includes/http.php

So, I’m strongly recommends you to update your WordPress site now. Before update, take a backup of your database and files.

Happy blogging :-)

Source: WordPress.org

One comment

  1. this was actually informative – not like most of what i see online. sharing :)

Leave a Reply

Your email address will not be published. Required fields are marked *