WordPress 3.5.1 was released, a security and maintenance related update that is recommended to be installed as soon as possible on all live sites running on WordPress. According to the blog post over at the official WordPress blog, 37 bugs were fixed in this release including four security issues and a couple of stability related issues.
As far as security goes, the following security issues have been fixed in WordPress 3.5.1.
- Misuse of pingbacks for remote port scanning and a server side request forgery vulnerability which could lead to information exposure and site compromising.
- Two cross-side scrippting issues via shortcodes and post content.
- Another cross-site scripting vulnerability in the Plupload library.