WordPress 3.5.1 tightens security and stops HTML from disappearing
The WordPress developers have announced a maintenance update to the popular open source blogging software. WordPress 3.5.1 fixes 37 bugs and addresses three security issues, including two cross-site scripting vulnerabilities. Users running WordPress on IIS might run into a problem that prevents the upgrade; the developers have prepared documentation to help users work around this problem.
Security issues addressed in the update include a server-side request forgery problem that allowed the exposure of information through pingbacks. According to the developers, this vulnerability could help attackers compromise an unpatched WordPress site. Cross-site scripting vulnerabilities were fixed in the external Plupload library and in the handling of shortcodes and post content.
WordPress 3.5.1 is available for download from the project's site. Alternatively, existing users can update automatically via Dashboard ➤ Updates in the WordPress admin interface. Source code for WordPress is licensed under the GPLv2 or later.