As of June 21st, WordPress 3.5.2 is available and offers security patches and fixes for 12 bugs. WordPress writes on its’ news blog “… we strongly encourage you to update your sites immediately.” Sounds serious!
The security fixes include:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Multiple fixes for cross-site scripting.
- Avoid disclosing a full file path when a upload fails.
As always, backup your site and it database before installing any update.
For those with WordPress Service Plan, you’ve already been upgraded!