June 2013 was a quiet month for WordPress security: Sucuri Security reported next to nothing related to WordPress, apart from the security release of WordPress 3.5.2.
Packetstorm Security also had a fairly quiet month, but there was one major threat: WordPress 3.5.1 is vulnerable to a denial-of-service (DoS) attack. If you haven’t upgraded to WordPress 3.5.2 yet, you should do so immediately.
- Xorbin Digital Flash Clock 1.0 For WordPress XSS
- Xorbin Analog Flash Clock 1.0 For WordPress XSS
- WordPress WP-Private-Messages SQL Injection
- WordPress Slash Theme XSS / Spoofing / Disclosure
- Ultimate WordPress Auction 1.0 Cross Site Request Forgery
- NextGEN Gallery 1.9.12 Shell Upload
- WordPress 3.5.1 Denial Of Service
- WordPress WP-SendSMS 1.0 CSRF / XSS
- WordPress Ambience Cross Site Scripting
- AntiVirus For WordPress 1.0 Path Disclosure / Bypass
Huge thanks to Packetstorm Security for the great exploit and threat news they provide. The same shout-out goes to Sucuri, for helping keep us all protected.