Beginner's Guide for WordPress / Start your WordPress Blog in minutes

WordPress 3.5.2 – Maintenance and Security Release

It’s Friday and work day is almost over here on the East coast of U.S, but we are still here updating all of our WordPress sites as we write this. The WordPress team have released WordPress 3.5.2, maintenance and security update. In this release, the WordPress security team resolved seven security issues, and added additional security hardening. We strongly recommend that you upgrade your WordPress sites right away.

The security fixes in WordPress 3.5.2 includes:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when a upload fails.

Upgrade to WordPress 3.5.2. Go to your Dashboard » Updates and do it with 1 click.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

20 CommentsLeave a Reply

  1. There are so many issues in 3.5.2 update. Admin panel is disappearing; I had to manually fix the wp-admin folder from FTP. This is disappointing first 3.5.2 contains multiple issues and now 3.6 is further delayed. :(

  2. There seems to be some changes related to date format as well. First of all I noticed it in google webmaster tools which displayed error related to sitemap date. I use sitemap generated through WordPress SEO by Yoast.

    Then I noticed it in my custom post type backend where the list of posts use to display in this format – ‘2013/06/17 Published’ but now after the update it is displaying in the format which I use for the frontend – ‘1 hour ago Published’. :(

  3. Hi guys! We updated to 3.5.2 and now our media library isn’t functioning properly…when trying to post an image to a page, we don’t see any of our images in the library and, also, our Nivo slider just chugs and we can’t manage that either!

    Any ideas would be MOST appreciated!

    Thanks so much!

  4. Fine for me! Everything worked just fine. I have two sites with different themes and both had no issues with the update.

  5. I am always grateful for all the work the guys do behind the scenes keeping my site safe. But this really was the worst experience I have had with an update in all the years I have worked with WordPress, and from what I can see in the WordPress forums I am not the only one.

    In the end I had to disconnect my CDN and remove all my security and deactivate every plugin, only then would it install.

    Be very VERY careful with 3.5.2 and as you should do anyway, be sure to take a complete backup (website and SQL), before trying to install this update.

    Terence.

    • That is rather strange Terence. Our WordPress 3.5.2 update worked just fine. We did have an issue where caching stopped, but that was due to an update of another plugin “WordPress SEO by Yoast”, but he was very quick to roll out another update with fixes.

      Admin

      • Which just goes to show how no two sites are alike, except superficially.

        The one problem I didn’t have a problem with ~ at least nothing to do with 3.5.2 ~ was Joost’s.

      • Ooops! I take that back… WP SEO is now showing a red banner and claiming I have to remove `<meta name="description" content="” />` from my theme, and it then offers to fix it for me automagically, but although it offers, it doesn’t work.

  6. Thank you for this awesome rundown.

    I do tend to “shake in the knees” whenever I update anything. Of course, I do it antway!!!
    I have lost headers and footers. I hope it doesnt happen with a WP update.

    Nonetheless, the WordPress team is truly amazing.

    I really like your site alot. You cover so many important topics and you do it well!

    Thank you! Mary

  7. being new to wordpress and your site…. is there proper things I should before I update? I read BACKUP, deactivate all plugins and then update. Is the the correct thing to do? can you please steer me in the right direction… I am in the middle of building a huge ecommerce site with woocommerce and I don’t want to loose or affect anything I am currently working on. I have woodojo launchpad enable during this build

    thank you! I love your blog!

    would love to see more info on e commerce like SEO, builds etc just an idea for you ;)

    • Having a regular backup is necessary. We use a paid service VaultPress by Automattic to handle our real-time backup. We simply click on the one-click update and it works.

      Admin

  8. I am done updating with my membership sites but there is this strange activity happening – I keep on receiving spam registrations…i am using si captcha for security…i have disabled the registrations for the moment.

Leave a Reply to Gautam Thapar Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.