Open Source WordPress 3.5.2 Updated for Server-Side Request Forgery Attacks
From the 'Why are you reading this? Update NOW' files:
In recent years, the open source WordPress content management (nee Blog) platform has emerged to become the dominant player in web CMS space. That's why when there is a security update you should RUN DON'T WALK to patch.
WordPress 3.5.2 is out today fixing 12 flaws of varying severity.
Top of the list (and top of mind for me) is: "Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site."
Multiple fixes for cross-site scripting.
Cross-Site Scripting (XSS) attacks have long been among the top attack vectors so it's great to see swift action from WordPress in fixing these flaws.
If you're already running a WordPress 3.5.x site, you can update your site easily from the dashboard - which is something you should do - NOW.
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.