Topic: WordPress 3.5.2 released - 7 security issues fixed from previous version

Kailash

The WordPress 3.5.2 security update has been released. It has fixed the following 7 security bugs:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

Also, they have included the following security hardening:

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

Make sure that you upgrade your WordPress version immediately.

Regards,
Kailash
VPS Hosting - AccuWebHosting

Web_news

Thank you for the information and notification.

Thanks!