WordPress 3.5.2 addresses a total of 7 vulnerabilities

Jun 22, 2013 08:36 GMT

WordPress 3.5.2 has been released. Users are advised to update their installations as soon as possible since the release contains fixes for 12 bugs, 7 of which are security issues.

Besides the fixes for 7 vulnerabilities, WordPress 3.5.2 contains some additional security hardening.

The security issues addressed in this release include a cross-site scripting (XSS) vulnerability in the SWFUpload external library; a denial-of-service (DoS) problem with password-protected posts; an XSS in the TinyMCE library; and a full file path disclosure flaw when a file upload fails.

A server-side request forgery (SSRF) issue and several other XSS vulnerabilities have also been addressed.

Konstantin Kovshenin, Luke Bryan, mala, Szymon Gruszecki, Wan Ikram, Andrea Santese, Rodrigo, and Jakub Galczyk have been credited for reporting the vulnerabilities.

WordPress is available for download here