WordPress 3.5.1 Security update

WordPress 3.5.1 is out.

This is a maintenance and security update.

The security updates are for:

 ■ Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team.
■ Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team.
■ Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.

Leave a Reply

Your email address will not be published. Required fields are marked *