Wordpress 3.5.2 update fixes security issues - gHacks Tech News

WordPress 3.5.2 update fixes security issues

Ghacks runs on WordPress, and whenever the software gets updated, I not only update the blog but also write about it here on the site. The update notifications in the admin dashboard are helpful in this regard, as they inform webmasters about updates directly. That is only the case if you open the dashboard regularly, however. If you update your blog once a week, you may not notice right away that an update is available, but only after a couple of days.

WordPress 3.5.2 is a maintenance and security release that fixes several issues in the blogging software. The development team strongly suggests that site admins and webmasters update their blogs immediately to the new version.

As far as security fixes are concerned, the following have been resolved in WordPress 3.5.2.

  • Server-side request forgery attacks that could provide attackers with access to the site.
  • Contributors can no longer publish posts improperly.
  • The SWFUpload library has been updated, which fixes several cross-site scripting vulnerabilities.
  • Blocking denial of service attacks against sites that use password protected posts.
  • An update to TinyMCE fixing a cross-site scripting vulnerability.
  • Multiple cross-site scripting vulnerability fixes.
  • Full path not disclosed when uploads fail.

Another 12 maintenance-related issues have been fixed in the new release. You can check them out here on the WordPress tracker.

Updates should go through without issues on most blogs. I have updated half a dozen blogs so far and none acted up weirdly after the update. All plugins, the theme and the site's functionality worked just like before.

While that has been the case, it is still recommended to make a backup of your blog before you apply the update so that you can roll it back if you run into issues.

You can apply the update directly from the admin dashboard if your blog has been configured this way, or download it from the official website to update the blog manually instead.

Comments

  1. ilev said on June 22, 2013 at 4:02 am

    In June 2013, Checkmarx’s research labs ran multiple security scans against the source code of the most popular WordPress plugins. The result? More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. In total, 8 million vulnerable WordPress plugins were downloaded…..

    The Security State of WordPress’ Top 50 Plugins

    http://www.checkmarx.com/wp-content/uploads/2013/06/The-Security-State-of-WordPress-Top-50-Plugins3.pdf

    1. Martin Brinkmann said on June 22, 2013 at 4:32 am

      I saw that too, quite troubling

    2. Karl J. Gephart said on June 22, 2013 at 2:27 pm

      Nice report, thanks for the info! I remember many years ago, I had a WP site that was pharma-hacked, never could get the site back to page 1 of Google–page 2 was it after years of work. Not even so much the loss of the content (before I took backing up seriously), but the SEO.

  2. Rudd said on June 22, 2013 at 12:06 pm

    Just updated, looks like there were many security issues with the previous version. Can’t wait for 3.6 though.

  3. J.K. said on June 22, 2013 at 11:49 pm

    Updated to 3.5.2 and now my tables created on my website have disappeared. Can anyone help? To my detriment, I didn’t create a back up before I updated.

  4. blessy said on June 24, 2013 at 7:46 am

    I also have some issues while updating to 3.5.2. How can I revert back….
