WordPress 3.5.2 Security and Maintenance Release

Last updated on December 06th, 2014 by Robert Abela. Filed under WordPress Security News

WordPress has just released version 3.5.2. This version includes 12 bug fixes, 7 of which are security fixes. We strongly encourage you to update your WordPress blog or website immediately to keep it secure.

WordPress 3.5.2 Security Fixes:

  • CVE-2013-2199: Server-Side Request Forgery (SSRF) via the HTTP API.
  • CVE-2013-2200: Privilege Escalation vulnerability which allows contributors to publish posts and users to reassign post authorship.
  • CVE-2013-2205: Cross-Site Scripting (XSS) vulnerability in the SWFUpload component (a JavaScript library that wraps the Flash Player upload function).
  • CVE-2013-2173: Denial of Service (DoS) via Post Password Cookies
  • CVE-2013-2204: Content Spoofing via Flash Applet in TinyMCE Media Plugin.
  • CVE-2013-2201: Cross-Site Scripting (XSS) web application vulnerability when uploading media.
  • CVE-2013-2203: Full Path Disclosure (FPD) vulnerability when a file upload fails.

Additional security hardening was also done to address the following issues:

  • CVE-2013-2201: Low severity Cross-Site Scripting (XSS) vulnerability when editing media and when installing or updating plugins and themes.
  • CVE-2013-2202: XML External Entity Injection (XXE) via oEmbed.

Upgrading WordPress

You can upgrade WordPress from the WordPress dashboard, a.k.a. the wp-admin section. Alternatively, follow our WordPress tutorial Upgrading WordPress for Beginners. Download the latest version of WordPress from here.

To keep your WordPress secure, update as soon as possible. Contact us if you need assistance with upgrading your WordPress blog or website.
