Wordpress 3.5.1 was released [1] with the following security issues fixed: * A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work. * Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team. * A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue. [1] http://wordpress.org/news/2013/01/wordpress-3-5-1/
Created wordpress tracking bugs for this issue Affects: fedora-all [bug 904277] Affects: epel-all [bug 904278]