WordPress 3.5.2 Security and Maintenance Release

June 27, 2013

The WordPress team just pushed out a new version of WordPress that fixes several security bugs. Straight from their release post, these are the security changes:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when an upload fails.

One of the bigger outcomes of this release, and of the disclosure of the SWFUpload external library vulnerabilities in general, is the WordPress Core team's announcement of a secure SWFUpload fork.

“The WordPress security team has officially forked the long-abandoned SWFUpload project and is strongly encouraging all web developers who use SWFUpload to update.”

The team goes on to say they do not condone the use of abandonware, but they wish to make the web a better place by ensuring that developers have access to a secure version of SWFUpload.

They also encourage you to report any vulnerabilities found in the fork.
