If you are a WordPress or Joomla user, you better start updating your sites now.
Joomla 2.5.14
Joomla 2.5.14 was released containing some critical security fixes. They didn’t provide much details, but by the summary is seems serious enough to allow users to bypass upload restrictions:
Project: Joomla!
Severity: Critical
Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.x versions.
Exploit type: Unauthorised Uploads
Reported Date: 2013-June-25
Fixed Date: 2013-July-31
Description: Inadequate filtering leads to the ability to bypass file type upload restrictions.
More information on Joomla 2.5.14 update here: http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads
WordPress 3.6
WordPress 3.6 (a major release) was also announced with multiple new features and bug fixes. It doesn’t have any specific security fix, but keeping your site updated is a must, so we recommend all users to update.
More information on WordPress 3.6 is available here: http://codex.wordpress.org/Version_3.6
We recommend upgrading as soon as possible to reduce the risk of issue. Make sure you test your upgrades in a development environment before you go hot.
If you have any questions, feel free to drop an email.
