The WordPress team just pushed out a new version of WordPress (3.5.1) that fixes several security bugs. Straight from their release post, these are the security changes:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
There weren’t many changes in this release, but these are all the modified files:
```text
Files wordpress-3.5/readme.html and wordpress-3.5.1/readme.html differ
Files wordpress-3.5/wp-admin/about.php and wordpress-3.5.1/wp-admin/about.php differ
Files wordpress-3.5/wp-admin/css/wp-admin.css and wordpress-3.5.1/wp-admin/css/wp-admin.css differ
Files wordpress-3.5/wp-admin/css/wp-admin.min.css and wordpress-3.5.1/wp-admin/css/wp-admin.min.css differ
Files wordpress-3.5/wp-admin/images/sort-2x.gif and wordpress-3.5.1/wp-admin/images/sort-2x.gif differ
Files wordpress-3.5/wp-admin/includes/image-edit.php and wordpress-3.5.1/wp-admin/includes/image-edit.php differ
Files wordpress-3.5/wp-admin/includes/media.php and wordpress-3.5.1/wp-admin/includes/media.php differ
Files wordpress-3.5/wp-admin/includes/update-core.php and wordpress-3.5.1/wp-admin/includes/update-core.php differ
Files wordpress-3.5/wp-admin/js/post.js and wordpress-3.5.1/wp-admin/js/post.js differ
Files wordpress-3.5/wp-admin/js/post.min.js and wordpress-3.5.1/wp-admin/js/post.min.js differ
Files wordpress-3.5/wp-admin/network.php and wordpress-3.5.1/wp-admin/network.php differ
Files wordpress-3.5/wp-content/plugins/akismet/admin.php and wordpress-3.5.1/wp-content/plugins/akismet/admin.php differ
Files wordpress-3.5/wp-content/plugins/akismet/akismet.js and wordpress-3.5.1/wp-content/plugins/akismet/akismet.js differ
Files wordpress-3.5/wp-content/plugins/akismet/akismet.php and wordpress-3.5.1/wp-content/plugins/akismet/akismet.php differ
Only in wordpress-3.5.1/wp-content/plugins/akismet: .htaccess
Files wordpress-3.5/wp-content/plugins/akismet/readme.txt and wordpress-3.5.1/wp-content/plugins/akismet/readme.txt differ
Files wordpress-3.5/wp-content/themes/twentyeleven/languages/twentyeleven.pot and wordpress-3.5.1/wp-content/themes/twentyeleven/languages/twentyeleven.pot differ
Files wordpress-3.5/wp-content/themes/twentytwelve/languages/twentytwelve.pot and wordpress-3.5.1/wp-content/themes/twentytwelve/languages/twentytwelve.pot differ
Files wordpress-3.5/wp-includes/class-http.php and wordpress-3.5.1/wp-includes/class-http.php differ
Files wordpress-3.5/wp-includes/class-wp-embed.php and wordpress-3.5.1/wp-includes/class-wp-embed.php differ
Files wordpress-3.5/wp-includes/class-wp.php and wordpress-3.5.1/wp-includes/class-wp.php differ
Files wordpress-3.5/wp-includes/class-wp-xmlrpc-server.php and wordpress-3.5.1/wp-includes/class-wp-xmlrpc-server.php differ
Files wordpress-3.5/wp-includes/comment.php and wordpress-3.5.1/wp-includes/comment.php differ
Files wordpress-3.5/wp-includes/css/editor.css and wordpress-3.5.1/wp-includes/css/editor.css differ
Files wordpress-3.5/wp-includes/css/editor.min.css and wordpress-3.5.1/wp-includes/css/editor.min.css differ
Files wordpress-3.5/wp-includes/default-filters.php and wordpress-3.5.1/wp-includes/default-filters.php differ
Files wordpress-3.5/wp-includes/functions.php and wordpress-3.5.1/wp-includes/functions.php differ
Files wordpress-3.5/wp-includes/js/media-editor.js and wordpress-3.5.1/wp-includes/js/media-editor.js differ
Files wordpress-3.5/wp-includes/js/media-editor.min.js and wordpress-3.5.1/wp-includes/js/media-editor.min.js differ
Files wordpress-3.5/wp-includes/js/media-views.js and wordpress-3.5.1/wp-includes/js/media-views.js differ
Files wordpress-3.5/wp-includes/js/media-views.min.js and wordpress-3.5.1/wp-includes/js/media-views.min.js differ
Files wordpress-3.5/wp-includes/js/plupload/changelog.txt and wordpress-3.5.1/wp-includes/js/plupload/changelog.txt differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.flash.swf and wordpress-3.5.1/wp-includes/js/plupload/plupload.flash.swf differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.html5.js and wordpress-3.5.1/wp-includes/js/plupload/plupload.html5.js differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.js and wordpress-3.5.1/wp-includes/js/plupload/plupload.js differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.silverlight.js and wordpress-3.5.1/wp-includes/js/plupload/plupload.silverlight.js differ
Files wordpress-3.5/wp-includes/js/plupload/plupload.silverlight.xap and wordpress-3.5.1/wp-includes/js/plupload/plupload.silverlight.xap differ
Files wordpress-3.5/wp-includes/js/tinymce/tiny_mce.js and wordpress-3.5.1/wp-includes/js/tinymce/tiny_mce.js differ
Files wordpress-3.5/wp-includes/js/tinymce/wp-tinymce.js.gz and wordpress-3.5.1/wp-includes/js/tinymce/wp-tinymce.js.gz differ
Files wordpress-3.5/wp-includes/js/tinymce/wp-tinymce-schema.js and wordpress-3.5.1/wp-includes/js/tinymce/wp-tinymce-schema.js differ
Files wordpress-3.5/wp-includes/media.php and wordpress-3.5.1/wp-includes/media.php differ
Files wordpress-3.5/wp-includes/media-template.php and wordpress-3.5.1/wp-includes/media-template.php differ
Files wordpress-3.5/wp-includes/post.php and wordpress-3.5.1/wp-includes/post.php differ
Files wordpress-3.5/wp-includes/script-loader.php and wordpress-3.5.1/wp-includes/script-loader.php differ
Files wordpress-3.5/wp-includes/template.php and wordpress-3.5.1/wp-includes/template.php differ
Files wordpress-3.5/wp-includes/user.php and wordpress-3.5.1/wp-includes/user.php differ
Files wordpress-3.5/wp-includes/version.php and wordpress-3.5.1/wp-includes/version.php differ
Files wordpress-3.5/wp-includes/wp-db.php and wordpress-3.5.1/wp-includes/wp-db.php differ
```
What is interesting is that they added a .htaccess to the akismet directory to prevent PHP files in there from being executed by a direct request. We actually recommend doing the same for your whole wp-content folder, so that no PHP file in any theme, plugin or upload directory can be run by requesting it directly (our plugin does that as part of our hardening).
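One way to apply that control to all of wp-content, as an added example that is neither the .htaccess WordPress shipped in the akismet directory nor the plugin mentioned above. It assumes Apache with .htaccess overrides enabled for the WordPress document root; the allow-listed filename is a placeholder.

```apache
# Added example: wp-content/.htaccess that refuses to serve any PHP file below
# wp-content/ in response to an HTTP request. WordPress core still works because
# it loads plugin and theme code via filesystem include(), not via HTTP, so only
# direct requests (e.g. to a PHP file dropped into uploads/) are blocked.
# Assumes Apache with AllowOverride permitting FilesMatch/Require/Order here.

<FilesMatch "\.(php|phtml|php[3-7])$">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</FilesMatch>

# Some plugins expose a PHP entry point that browsers request directly rather
# than through wp-admin/admin-ajax.php. Re-allow only files you have verified
# need it. "example-entry.php" is a placeholder, not a real plugin file.
<Files "example-entry.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</Files>
```

To confirm it took effect, request a known PHP file under wp-content (for example wp-content/plugins/akismet/akismet.php) and expect an HTTP 403 while the site itself keeps working; watch the error log for plugins whose front-end features start failing and allow-list only those entry points. nginx does not read .htaccess, so the equivalent `location` rule must go in the server configuration.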
In any event, if you are using WordPress, update now!
3 comments
Seems the whole pingback mechanism got broken by the fix. I just switched from wordpress.com to self-hosted WordPress and, whatever I do, I cannot get my WordPress to send pingbacks. Receiving does work though.
I usually update WordPress; thanks for your article.