WordPress has released update 3.5.2 to fix serious security vulnerabilities that could allow an attacker to compromise a WordPress installation. WordPress.org and US-CERT recommend that you update your WordPress installation.
Important: Back up all your WordPress files and database before any update.
To automatically update WordPress:
- Sign into the Admin Dashboard and select Updates from the left menu
- Select the button Upgrade Automatically
- Repeat the update process for any plugins that need to be updated
More information about how to update WordPress is available at www.theistudio.com
From WordPress.org, the seven security fixes in update 3.5.2:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Multiple fixes for cross-site scripting.
- Avoid disclosing a full file path when an upload fails.