WordPress has just released version 3.5.2. This version includes 12 bug fixes, 7 of which are security fixes. We strongly encourage you to update your WordPress blog or website immediately to ensure it is secure.
WordPress 3.5.2 Security Fixes:
- CVE-2013-2199: Server-Side Request Forgery (SSRF) via the HTTP API.
- CVE-2013-2200: Privilege Escalation vulnerability which allows contributors to publish posts and WordPress users to reassign post authorship.
- CVE-2013-2173: Denial of Service (DoS) via Post Password Cookies.
- CVE-2013-2204: Content Spoofing via Flash Applet in TinyMCE Media Plugin.
- CVE-2013-2201: Cross-Site Scripting (XSS) web application vulnerability when uploading media.
- CVE-2013-2203: Full Path Disclosure (FPD) vulnerability when a file upload fails.
Additional security hardening was also done to address the following issues:
- CVE-2013-2201: Low severity Cross-Site Scripting (XSS) vulnerability when editing media and when installing or updating plugins and themes.
- CVE-2013-2202: XML External Entity Injection (XXE) via oEmbed.
You can upgrade WordPress from the WordPress dashboard, a.k.a. the wp-admin section. Alternatively, follow our WordPress tutorial Upgrading WordPress for Beginners. Download the latest version of WordPress from here.
To keep your WordPress secure, update as soon as possible. Contact us if you need assistance with upgrading your WordPress blog or website.