wordpress version 3.5.1 release
According to the official WordPress blog, 37 bugs were fixed in this release including four security issues and a couple of stability related issues.
As far as security goes, the following security issues have been fixed in WordPress 3.5.1.
- Misuse of pingbacks for remote port scanning and a server side request forgery vulnerability which could lead to information exposure and site compromising.
- Two cross-side scrippting issues via shortcodes and post content.
- Another cross-site scripting vulnerability in the Plupload library
The remaining updates and fixes address an assortment of issues of which two have received a high rating. One fixes an issue where link tags are getting stripped from the editor in WordPress 3.5, the other that scheduled posts trigger non-unfiltered html filters. The issue here is that some tags, like embedded video contents, may have been filtered out which broke them from being displayed properly on the site’s frontend.