Important : Security Updates with WordPress 4.8.2

I am writing this post right after updating my wordpress websites and websites that I monitor or host.

There has been an important security updates that have been released yesterday. Update your wordpress installations as soon as possible to avoid issues.

Following security issues have been fixed:

  1. $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  2. A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery.
  3. A cross-site scripting (XSS) vulnerability was discovered in the visual editor.
  4. A path traversal vulnerability was discovered in the file unzipping code
  5. A cross-site scripting (XSS) vulnerability was discovered in the plugin editor.
  6. An open redirect was discovered on the user and term edit screens.
  7. A path traversal vulnerability was discovered in the customizer.
  8. A cross-site scripting (XSS) vulnerability was discovered in template names.
  9. A cross-site scripting (XSS) vulnerability was discovered in the link modal.

You can find more information in release notes for 4.8.2 or find list of changes here.

Source: WordPress Blog