WordPress 3.5.2 [1] has been released. It is a security release that fixes 12 [2] bugs, including the following security issues:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin [3], or reassigning the post’s authorship, reported by Luke Bryan [4].
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala [5] and Szymon Gruszecki [6].
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram [7].
- Multiple fixes for cross-site scripting. Reported by Andrea Santese [8] and Rodrigo.
- Avoid disclosing a full file path when an upload fails. Reported by Jakub Galczyk [9].
You are advised to upgrade immediately.
Download: WordPress 3.5.2 [10] or visit Dashboard -> Updates in your site admin to update now.