WordPress is a popular open source blogging tool and a content management system. Currently many people all over the world use WordPress to publish their blogging sites. WordPress includes many useful features like Themes, Plugins, Widgets, Multi-user & multi-blogging system,integrated link management, search engine–friendly, and more. The plugin architecture of WordPress allows the uses and developers to extend its ability. WordPress database contains over 24,000 plugins and also allows you to modify them the user can use them according to their specific need. It also offers many customize options that allow the users to easily customize their blog. So, here I want to inform you that a new version of WordPress is released recently with lots of improvements in security issues.
WordPress 3.5.2 has been released. It is a maintenance and security release that fixes a number of issues in the blogging software. This edition of WordPress 3.5 fixes 12 bugs, but the highlight of this version is the security issues. WordPress security team resolved seven security issues and strongly recommends the site administrators to update their sites as soon as possible. The security issues which are fixed in this edition are listed below.
The security fixes are:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, or reassigning the post’s authorship,
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Multiple fixes for cross-site scripting.
- Avoid disclosing a full file path when a upload fails.
Except it other maintenance related issues are fixed in this release of WordPress, you can get the full list of changes from here. If you are using WordPress for your site, it is recommended to keep a backup of your blog before applying the updates to reduce the chances of data lose. If your blog is configured properly, you can directly update your WordPress from the admin dashboard , or you can even download the update from the official website.