A Word about the WordPress 3-5-2 Update

WordPress Just Released Update 3.5.2

As I work through completing this update on all of my client sites, I wanted to take a moment and talk about WordPress and all Content Management Systems CMS and the need to keep them up-to-date.

According to an article in Forbes, WordPress powers one in six websites on the internet. That’s almost 60 million websites built on the WordPress Platform. This kind of volume means WordPress websites are attractive targets for hackers. If they can exploit a weakness in the code, they can gain access to millions of sites. This holds true for any CMS Platform.

Graphic of WordPress logo with text "Wordpress" Security Update 3.5.2 is out!

WordPress 3.5.2 Maintenance and Security Release:

From the WordPress website, the 3.5.2 update addresses these issues:

“The security fixes included:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. 
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.”

When I look at this list, two things jump out. One, thanks to all of the developers and programmers mentioned in the list. They are the reason that WordPress remains so robust. Two, every element of this update is security related and is dedicated to keeping WordPress sites safe from infiltration and exploitation.

WordPress is often recommended for the vast diversity of themes and plugins that allow users to customize and personalize their sites, but lets not forget about the work that is done to keep WordPress sites safe!

Learn more about Content Management Systems

Read about the WordPress Brute Force Attack