Movable Type v6.3.12 - Security Release

Six Apart announced today Movable Type v6.3.12, a mandatory security release.

Security Fixes and Improvements

  • Fix XSS in __mode=rebuild. (CVE-2020-5575)
  • Fix CSRF in _mode=startrebuild. (CVE-2020-5576)
  • Fix XSS in template list. (CVE-2020-5575)
  • Fix CSRF via Sign-In page. (CVE-2020-5576)
  • Fix not to upload a double extension PHP file. (CVE-2020-5577)
  • Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
  • Fix XSS in _mode=startrebuild. (CVE-2020-5575)

Go ahead and evaluate it from:


- username: demo

- password: testthis


No TrackBacks

TrackBack URL:

Leave a comment


If this initiative is useful for you, please consider making a paypal donation or getting your movable type project done with PRO IT Service.

We're the right people for movable type consultancy services including: installations, upgrades, themes, templates, consulting, troubleshooting as well as hosting.

The complete range of movable type services you might be looking for!


We would love to work on any movable type jobs you might have! To find out more about the movable type services we're offering click here.

You may like to know that we're offering a broad range of web development services as well as professional website hosting service in partnership with Pair Networks, Inc. from Pittsburgh, PA, USA.

Check out everything we're proudly doing by visiting


Would you like to be updated every time there is a movable type release? If you do, then subscribe for email updates filling out the form below.


Delivered by FeedBurner


This is a personal website and doesn't have anything to do with Six Apart nevertheless Chris Alden, the former Six Apart CEO, appreciated my idea when he saw it available online.