WordPress 4.8.2 is now manageable. This is a security official pardon for all previous versions and we strongly bolster you to update your sites rapidly.
WordPress versions 4.8.1 and earlier are affected by these security issues:
- $wpdb->prepare() can make short and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this matter, but weve add-on hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
- A mad-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A fuming-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A passageway traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A furious-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by (Chen Ruiqi).
- An right of right of admission redirect was discovered in this area the devotee and term condense screens. Reported by Yasin Soliman (ysx).
- A passage traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A fuming-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A mad-site scripting (XSS) vulnerability was discovered in the connect modal. Reported by Anas Roubi (qasuar).
Thank you to the reporters of these issues for lithe responsible disclosure.
In partner in crime to the security issues above, WordPress 4.8.2 contains 6 child child support fixes to the 4.8 forgiveness series. For more opinion, sky the forgiveness observations or consult the list of changes.
Download WordPress 4.8.2 or venture on peak of to Dashboard Updates and profitably click Update Now. Sites that maintain automatic background updates are already beginning to update to WordPress 4.8.2.
Thanks to everyone who contributed to 4.8.2.
This post was created with our nice and easy submission form. Create your post!