WordPress 3.5.2 Maintenance and Security Release
Yesterday, WordPress announced the release of version 3.5.2, a maintenance and security release that fixes several issues in the WordPress software. This update contains fixes for seven (7) security issues:
- Server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Contributors improperly publishing posts.
- Cross-site scripting vulnerabilities in the SWFUpload external library.
- Denial of service attack, affecting sites using password-protected posts.
- Cross-site scripting vulnerability in external TinyMCE library.
- Multiple cross-site scripting issues.
- Disclosing a full file path when an upload fails.
Slightly over 53% of all websites use WordPress, so security/maintenance releases such as this should be taken very seriously. In fact, 7 out of 10 security incidents we observe on our servers are typically related to outdated WordPress instances, many of which contain known vulnerabilities that are actively being exploited, and for which security updates have already been released.
The WordPress development team strongly suggests that site admins and webmasters update their blogs immediately to the new version. We do, too!
Updating WordPress is reputedly very easy:
1. From the admin dashboard, click "Update Now".
2. Upgrade your database.
3. That's it! You're good to go.
As always, it is recommended that you make a backup of your blog before you apply the update so that you can roll it back if you run into issues.
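To find the outdated instances mentioned above before they turn into incidents, a server can be audited for WordPress cores older than 3.5.2. The following is an added example, not part of the original post or of WordPress itself; it assumes the sites live under one directory tree and that each core reports its version in `wp-includes/version.php`.

```python
# Audit a directory tree for WordPress cores older than a patched release.
import os
import re
import sys

PATCHED = "3.5.2"  # the release announced in this post

# Assumption: the core version is read from wp-includes/version.php, which
# sets it with a line such as: $wp_version = '3.5.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(text):
    """Return the $wp_version string from version.php contents, or None."""
    match = VERSION_RE.search(text)
    return match.group(1) if match else None

def version_key(version):
    """Map '3.5' or '3.6-beta1' to a 3-int tuple; suffixes are ignored."""
    numeric = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in numeric.group(0).split(".")] if numeric else []
    return tuple((parts + [0, 0, 0])[:3])

def is_outdated(version, patched=PATCHED):
    return version_key(version) < version_key(patched)

def find_installs(root):
    """Yield (site_dir, version_or_None) for each WordPress core under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != "wp-includes" or "version.php" not in filenames:
            continue
        path = os.path.join(dirpath, "version.php")
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read())
        except OSError:
            version = None  # unreadable: report it instead of skipping it
        yield os.path.dirname(dirpath), version
        dirnames[:] = []  # no need to descend further into wp-includes

def audit(root, patched=PATCHED):
    """Return [(site_dir, version)] for installs that are outdated or unreadable."""
    flagged = [(s, v) for s, v in find_installs(root)
               if v is None or is_outdated(v, patched)]
    return sorted(flagged, key=lambda item: item[0])

if __name__ == "__main__":
    for site, ver in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{site}\t{ver or 'unknown'}")
```

Run it with the web root as its only argument; each printed line is a site directory and the version found there, with `unknown` marking a `version.php` that could not be parsed.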