Bloggers Have You Upgraded To WordPress 3.5.1 Yet?

I’ve just logged into the backend of my blog and discovered that there is a new update for WordPress, going from version 3.5 to 3.5.1.

As there are some security updates included in this iteration I would suggest you perform this upgrade as soon as possible if you are on the WordPress platform.

WordPress

All in all the 3.5.1 update fixes 37 different bugs and addresses 3 security issues:

  • Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team.
  • Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team.
  • Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.

WordPress Codex

Cross-site scripting is fairly straightforward and I’m sure you know you want to prevent that from happening already. The server-side request forgery allowed exposure of information via pingbacks and could allow an attacker to compromise an unpatched WordPress installation.

If you are looking to upgrade your WordPress install then it is an easy process. You can click on the link at the top of your dashboard –

update

or mouse over Dashboard and then select Updates.

Alternatively, you can download a complete installation of WordPress, including the 3.5.1 update from http://wordpress.org/download/

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*