22 Jun '13, 2am
WordPress 3.5.2 has been released and this is a security fix which fixes 12 bugs including the following security issues: Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site. Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin , or reassigning the post’s authorship, reported by Luke Bryan . An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki . Prevention of a denial of service attack, affecting sites using password-protected posts. An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram . Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo. Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk . Y...