Wordpress, yesterday, announced the release of version 3.5.2 -- a maintenance and security release that fixes several issues in the Wordpress software. This update contains fixes for seven (7) security issues: Server-side request forgery attacks, which could potentially enable an attacker to gain access to a site. Contributors improperly publishing posts. Cross-site scripting vulnerabilities in the SWFUpload external library. Denial of service attack, affecting sites using password-protected posts. Cross-site scripting vulnerability in external TinyMCE library. Multiple cross-site scripting issues. Disclosing a full file path when a upload fails. The new release also fixes 12 other security issues. You can check them out here on the WordPress tracker. Slightly over 53% of all websites use Wordpress, so security/maintenance releases such as this should be taken very seriously. In fact, 7 out of 10 security incidents we observe on our servers are typically related to outdated Wordpress instances, many of which contain known vulnerabilities that are actively being exploited, and for which security updates have already been released. The Wordpress development team suggests strongly that site admins and webmasters update their blogs immediately to the new version. We do, too! Updating Wordpress is reputably very easy: 1. From the admin dashboard, click "Update Now" You may need to verify your FTP password at the prompt. Once the update is complete, you should automatically be redirected. 2. Upgrade your database: 3. That's it! You're good to go: As always, it is recommended that you make a backup of your blog before you apply the update so that you can roll it back if you run into issues.
