Word press just got updated to 3.52 and i  am usually slack in checking what’s been updated due to time constraints , but i decided to go   and  see their detailed release notes this time  as  a few of my word press websites got hacked recently and some getting excessively spammed  and i was QUITE  SUPRISED to see quite a few vulnerabilities  that got fixed with this update.. which means there were many vulnerable wordpress sites out there recently.

what got updated with wordpress

wordpress hacked  update 3.5

Here is snippet of the vulnerabilities that has been fixed with

WordPress Update  Version 3.5.2

Version 3.5.2 fixes seven security issues:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203
Additional security hardening Done - includes:
* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
 
As is always suggested immediately update your wordpress installation either  from your blog dashboard
 or then from your hosting provider dashboard to update all blogs at once. I know bluehost hosting service  provides 
this service  to update all blogs at once  from the hosting login  to keep your blogs safe 

Installation/Update Information for wordpress.com bloggers

To download WordPress 3.5.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visithttp://wordpress.org/download/release-archive/.

 

For more information, see the release notes.

Advertisements

– Checks existing files for malware, spam/phising URLs, blacklisting, htaccess redirections, hidden eval code, etc.
– Monitor file changes (added/deleted/edited).
– Activate firewall, virus scanning, and realtime traffic monitor.
– Scans for heuristics of backdoors, trojans, and suspicious code.
– Block aggressive crawlers, scrapers, and malicious bots.

gadget australia logo2

– Block brute force attacks to the login form.
– Checks and fixed timthumb vulnerability hole.
– Removes all wp footprints (meta, version, etc.)
– Protection against: XSS, RFI, CRLF, CSRF,  Base64, Code Injection and SQL Injection hacking.
– Checks for ‘DB errors off’, file and folder permissions.
– Optimize, clean, and backup wp database to dropbox or amazon s3.
– Checks with plugins are slowing down our site.