Recently, Automatic released an all-new version of WordPress i.e. 4.8.2. It is a security and maintenance release for the all previous version that fixes nine security issues (include six fixes for WordPress 4.8). WordPress 4.8.1 and the earlier versions are affected by these security issues.
Please Note: If you have disabled background updates then you should do update your site to the latest version manually right now.
These are security issues which are fixed by WordPress 4.8.2 release.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor.
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor.
- A path traversal vulnerability was discovered in the file unzipping code.
- An open redirect was discovered on the user and term edit screens.
- A path traversal vulnerability was discovered in the customizer.
- A cross-site scripting (XSS) vulnerability was discovered in template names.
- A cross-site scripting (XSS) vulnerability was discovered in the link modal.
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but the WordPress team added hardening to prevent plugins and themes from accidentally causing a vulnerability.
In addition to the above security fixes, the WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series.
To see the release note click here or consult the list of changes click here.
Go to your WordPress site dashboard to your site or download the new version of WordPress from here. Sites that support the automatic background updates are already beginning to upgrade to WordPress 4.8.2
