I’ve just logged into the backend of my blog and discovered that there is a new update for WordPress, going from version 3.5 to 3.5.1.
As there are some security updates included in this iteration, I would suggest you perform this upgrade as soon as possible if you are on the WordPress platform.
All in all the 3.5.1 update fixes 37 different bugs and addresses 3 security issues:
- Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team.
- Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team.
- Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.
Cross-site scripting is fairly straightforward, and I’m sure you already know you want to prevent it. The server-side request forgery allowed exposure of information via pingbacks and could allow an attacker to compromise an unpatched WordPress installation.
If you are looking to upgrade your WordPress install then it is an easy process. You can click on the link at the top of your dashboard, or mouse over Dashboard and then select Updates.
Alternatively, you can download a complete installation of WordPress, including the 3.5.1 update, from http://wordpress.org/download/