WordPress 3.5.2 Security Release Explained

Updated March 1, 2025

Latest WP Update for Maintenance & Security

WordPress 3.5.2 was released just a few days ago. In light of all the security attacks related to our favorite open source website platform, I’ll highlight the WordPress security fixes along with why it’s so important to upgrade to this version.

7 Security Issues Resolved

Running the latest WP release is always a good idea. WordPress 3.5.2 patches these security problems:

1. Block service-side request forgery attacks
2. Update to SWFUpload external library – fixes cross-site scripting vulnerabilities
3. Prevent denial of service attacks – affects websites that use password-protected posts
4. Disallow contributors from improperly publishing posts
5. Revise external TInyMCE library – another fix for cross-site scripting vulnerabilities
6. Avoid disclosing a full file path when an upload fails
7. Additional fixes for cross-site scripting beyond # 2 & #5

WordPress 3.5.2 Release Notes & Download

Suffer from insomnia and looking for a bit of code to lull you to sleep? Then check out the release notes for WordPress 3.5.2  which includes a list of codex files that were updated.

Brute Force attacks are on the rise. Open source software means that it’s available to the bad guys too. Keeping your WordPress installation up-to-date is just one way to keep your website safe from unauthorized and malicious access.  My recommendation is to download the new WordPress 3.5.2 files now. I also suggest requiring strong passwords for administrators. To be extra careful, consider two-factor authentication. We’ve been using it for over two months with great results.

Does 3.5.2 sound like techno-babble from Star Trek? Don’t worry Automattic makes it easy to upgrade. No pointy ears required. Promise.