WordPress pushed out version 3.5.1 of its open source blogging platform yesterday, fixing 37 bugs including several cross-site scripting (XSS) errors and a vulnerability that could have allowed an attacker to expose information and compromise an unpatched site.
Until yesterday, the aforementioned vulnerability, discovered by security researchers Gennady Kovshenin and Ryan Dewhurst, affected all versions of the platform. This particular problem could be exploited with a server-side request forgery (SSRF) attack and remote port scanning using pingbacks. Essentially, if left unpatched, an attacker could have forced a server into sending packets of information from the attacker to another server, even if it was behind a firewall.
The update also fixes the following XSS errors:
- Two instances of cross-site scripting via shortcodes and post content.
- A XSS vulnerability in the external library Plupload.
Nacin also points out that a separate bug may be keeping those using WordPress on Microsoft IIS from updating to the most recent build. Those users must manually install the Hotfix plugin, a plugin that helps provide fixes for select bugs. All other users can update to 3.5.1 by clicking “Updates” on their WordPress “Dashboard.”