WordPress 3.5.1 tightens security and stops HTML from disappearingThe WordPress developers have announced a maintenance update to the popular open source blogging software. WordPress 3.5.1 fixes 37 bugs and addresses three security issues, including two cross-site scripting vulnerabilities. Users running WordPress on IIS might run into a problem that prevents the upgrade; the developers have prepared documentation to help users work around this problem.
Security issues addressed in the update include a server-side request forgery problem that allowed the exposure of information through pingbacks. According to the developers, this vulnerability could help attackers compromise an unpatched WordPress site. Cross-site scripting vulnerabilities were fixed in the external Plupload library and in the shortcode and post content handling.