(LiveHacking.Com) – WordPress 3.5.1 has been released with 37 bug fixes and three patches for three security issues. Two of the issues fixed where related to cross-site scripting vulnerabilities while the other was a server-side request forgery vulnerability. The full details are as follows:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
Of the 37 bugs fixed, the WordPress team highlighted the following fixes
- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a new network.
- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
- Suppress some warnings that could occur when a plugin misused the database or user APIs.
You can download WordPress 3.5.1 from here or click on Dashboard → Updates in your site admin section to update automatically.