WordPress 3.5.1 Security Patch Released

WordPress 3.5.1 is now available for download or update within your WordPress dashboard. This version is a maintenance and security release for all previous versions.

WordPress Hosting

Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. For a full list of changes, consult the list of tickets and the changelog, which include:

  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
  • Two instances of cross-site scripting via shortcodes and post content.
  • A cross-site scripting vulnerability in the external library Plupload.

We recommend everyone to update their WordPress to this latest version ASAP!