WordPress 3.5.2 is here - and it’s not to be confused with the 3.6 beta releases. Being a point release, you shouldn’t expect significant changes. WordPress 3.5.2 is a security release, which means it’s critical that you update your site.

What’s in WordPress 3.5.2?

The release note for this specifically looks to address a bunch of security related issues:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when a upload fails.

How to Update Safely

This is very easy to do from any logged in user page - but you should always follow a pre-update checklist that helps to avoid many problems.

  1. Make sure you have a current WordPress database backup. Using DBC Backup 2 makes this easy.
  2. Enable your WordPress Maintenance mode page.
  3. Disable any / all plugins
  4. Run update
  5. Update any plugins that also got updated
  6. Enable all plugins that you need
  7. Check for any new issues
  8. Disable your maintenance mode

Having Problems with this update? then read 3 steps to recover from WordPress website killers

Still Need Some Help? Then I’m available -

If you’re still stuck - get in contact and I’ll be happy to help you out.