WordPress 3.5.2 security and maintenance update released

WordPress 3.5.2 released

Last Friday, the folks at WordPress released the latest WordPress version, WordPress 3.5.2. While everyone was anticipating the release of the next major version, WordPress 3.6, this update was released mainly to fix several security issues while the team prepares WordPress 3.6.

What’s new in WordPress 3.5.2

WordPress 3.5.2 is a security release, which means that no new functionality is added. However, it addresses several security issues which can lead to unpleasant results if left unfixed. Here are several of the issues addressed in WordPress 3.5.2:

  • WordPress now blocks server-side request forgery (SSRF) attacks. Such attacks can potentially allow an attacker to gain access to your website.
  • The SWFUpload external library has been updated. The update fixes existing cross-site scripting vulnerabilities.
  • The TinyMCE library has also been updated in order to address a cross-site scripting vulnerability.
  • Contributors are now disallowed from improperly publishing posts.

A full list of the changes is available here.

WordPress 3.5.2 compatibility

Since this is a security release with no changes to core WordPress functionality, your existing plugins and themes should continue to work without problems.

This includes our own WordPress Hosting Themes and our plugin. In the latest update of the plugin, we have already built in support for the upcoming WordPress 3.6, so everything will keep working without a problem.

Cross-site Scripting (XSS)

As you may have noticed, we have used the term “cross-site scripting” several times. For those of you who are unfamiliar with it, cross-site scripting, or XSS, is a very common problem with modern web apps and websites. In recent years, cross-site scripting problems have been the most common online security issue worldwide.

A cross-site scripting vulnerability allows an attacker to inject malicious code through a security hole in a website. This code can be hosted on a completely different server, but the visitor’s browser will not see it that way and will believe it originates from the original website. This way, the attacker can obtain valuable information from the visitor’s browser, such as the content of the web page, the session cookie (which can contain usernames and passwords) and other data that is kept by the browser.
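To make the mechanism concrete, here is an added example (not from the original post or from WordPress itself): a theme fragment that echoes the visitor’s search term unescaped, next to the same fragment using WordPress’s esc_html() and esc_attr(). The fallback definitions are assumptions that stand in for the real helpers so the file runs with a plain `php` command outside WordPress.

```php
<?php
// Added example, not part of the original post or of WordPress.
// Outside WordPress, esc_html()/esc_attr() are assumed stand-ins
// for the real helpers (both HTML-encode quotes, <, > and &).
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable: the search term is written into the page exactly as submitted,
// so any markup in it is parsed by the visitor's browser as part of the
// site's own page, with the site's origin and cookies.
function render_search_vulnerable($query) {
    return '<h2>Results for: ' . $query . '</h2>' . PHP_EOL
         . '<input name="s" value="' . $query . '">' . PHP_EOL;
}

// Fixed: escape for the context the value lands in. esc_html() for a text
// node, esc_attr() for an attribute value; the browser then shows the
// characters instead of interpreting them as tags or attribute breaks.
function render_search_fixed($query) {
    return '<h2>Results for: ' . esc_html($query) . '</h2>' . PHP_EOL
         . '<input name="s" value="' . esc_attr($query) . '">' . PHP_EOL;
}

// Constructed sample input: the kind of value a scanner submits as ?s=...
// It closes the attribute and then opens a script tag.
$sample = '"><script>alert(1)</script>';

echo "--- vulnerable output ---" . PHP_EOL;
echo render_search_vulnerable($sample);
echo "--- fixed output ---" . PHP_EOL;
echo render_search_fixed($sample);
```

Escaping at output time is the fix for the injection itself; marking the session cookie HttpOnly additionally keeps it out of reach of any script that does run in the page.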

Such vulnerabilities are often discovered by the community around a script or plugin and are quickly addressed by its developers. WordPress, a very popular script, is often the target of XSS attacks. This is why it’s very important to always check whether new versions are available for any of the scripts or plugins you are using.
