WordPress 3.5.2 packs 7 security issues
Ravi Mandalia | On 24, Jun 2013
Developers of the open source blogging software WordPress have rolled out the security and maintenance release of the WordPress 3.5 and have fixed a total of 12 bugs which includes fixes for 7 security issues.
According to the developers, on top of the security fixes, the update also contains hardening measures that provides additional security to WordPress installations and they have strongly urged all users to update their installations to version 3.5.2 immediately.
The security fixes in 3.5.2 include blocking of server-side request forgery (SSRF) attacks; updates to the TinyMCE editor, the external SWFUpload library and other components to protect against cross-site scripting (XSS) holes; update to WordPress’s password protection for posts that could lead to denial-of-service (DoS) attacks among others; and update that disallows contributors from improperly publishing posts or reassigning the post to a different author among others.