WordPress 3.5.2 released
Wordpress 3.5.2 is now available for download.This is a security release for all previous versions.What’s new in this release?
Fixes:
Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
Disallow contributors from improperly publishing posts.
An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
Prevention of a denial of service attack, affecting sites using password-protected posts.
An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
Multiple fixes for cross-site scripting.
Avoid disclosing a full file path when a upload fails.
(more…)