Wordpress 3.5.2 released - 7 security issues fixed from previous version

« **on:** June 25, 2013, 11:18:29 AM »

WordPress 3.5.2 security update has been released. It has fixed following 7 security bugs:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

Also they have included following security hardening:

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

Make sure that you upgrade your WordPress version immediately.

Regards,
Kailash

« **Reply #1 on:** June 27, 2013, 11:15:08 AM »

Thank you for the information and notification.

Thanks!

Topic: Wordpress 3.5.2 released - 7 security issues fixed from previous version (Read 2590 times)

Kailash

Wordpress 3.5.2 released - 7 security issues fixed from previous version

Web_news

Re: Wordpress 3.5.2 released - 7 security issues fixed from previous version