WordPress 3.5.2 update fixes security issues
Ghacks is running on WordPress and whenever the software gets updated, I not only update the blog but also write about it here on the site. The update notifications in the admin dashboard are helpful in this regard as they inform webmasters about updates directly. That's however only the case if you open the dashboard regularly. If you update your blog once a week, you may not notice that an update is available directly but only after a couple of days.
WordPress 3.5.2 is a maintenance and security release that fixes several issues in the blogging software. The development team suggests strongly that site admins and webmasters update their blogs immediately to the new version.
As far as security fixes are concerned, the following have been resolved in WordPress 3.5.2.
- Server-side request forgery attacks that could provide attackers with access to the site.
- Contributors can no longer publish posts improperly.
- The SWFUpload library has been updated that fixes several cross-site scripting vulnerabilities.
- Blocking denial of service attacks against sites that use password protected posts.
- An update to TinyMCE fixing a cross-site scripting vulnerability.
- Multiple cross-site scripting vulnerability fixes.
- Full path not disclosed when uploads fail.
Another 12 maintenance related issues have been fixed in the new release. You can check them out here on the WordPress tracker.
Updates should go through without issues on most blogs. I have updated half a dozen blogs so far and none acted up weirdly after the update. All plugins, the theme and the site's functionality worked just like before.
While that has been the case, it is still recommended to make a backup of your blog before you apply the update so that you can roll it back if you run into issues.
You can apply the update directly from the admin dashboard if your blog has been configured this way, or download it from the official website instead to update the blog manually instead.
Advertisement
I also have some issues while updating to 3.5.2.How can I revert back….
Updated to 3.5.2 and now my tables created on my website have disappeared. Can anyone help? To my detriment, I didn’t create a back up before I updated.
Just updated, looks like there were many security issues with the previous vversion. Can’t wait for 3.6 though.
In June 2013, Checkmarx’s research labs ran multiple security scans against the source code of the most popular WordPress plugins. The result? More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. In total, 8 million vulnerable WordPress plugins were downloaded…..
The Security State of WordPress’ Top 50 Plugins
http://www.checkmarx.com/wp-content/uploads/2013/06/The-Security-State-of-WordPress-Top-50-Plugins3.pdf
Nice report, thanks for the info! I remember many years ago, I had a WP site that was pharma-hacked, never could get the site back to page 1 of Google–page 2 was it after years of work. Not even so much the loss of the content (before I took backing up seriously), but the SEO.
I saw that too, quite troubling