WordPress 3.5.2 Security and Maintenance Release

By Robert Abela on June 22nd, 2013 in WordPress Security News

WordPress has just released version 3.5.2. This version includes 12 bug fixes, 7 of which are security fixes. We strongly encourage you to update your WordPress blog or website immediately to ensure it is secure.

WordPress 3.5.2 Security Fixes:

  • CVE-2013-2199: Server-Side Request Forgery (SSRF) via the HTTP API.
  • CVE-2013-2200: Privilege Escalation vulnerability which allows contributors to publish posts and WordPress users to reassign post authorship.
  • CVE-2013-2205: Cross-Site Scripting (XSS) vulnerability in the SWFUpload component (a JavaScript library that wraps the Flash Player upload function).
  • CVE-2013-2173: Denial of Service (DoS) via Post Password Cookies
  • CVE-2013-2204: Content Spoofing via Flash Applet in TinyMCE Media Plugin.
  • CVE-2013-2201: Cross-Site Scripting (XSS) web application vulnerability when uploading media.
  • CVE-2013-2203: Full Path Disclosure (FPD) vulnerability when a file upload fails.

Additional security hardening was also done to address the following issues:

  • CVE-2013-2201: Low severity Cross-Site Scripting (XSS) vulnerability when editing media and when installing or updating plugins and themes.
  • CVE-2013-2202: XML External Entity Injection (XXE) via oEmbed.

Upgrading WordPress

You can upgrade WordPress from the WordPress dashboard, a.k.a. the wp-admin section. Alternatively, follow our WordPress tutorial Upgrading WordPress for Beginners. Download the latest version of WordPress from here.

To keep your WordPress secure, update as soon as possible. Contact us if you need assistance with upgrading your WordPress blog or website.
