WordPress has published a security release. We strongly encourage everyone to upgrade immediately.
WordPress 4.8.2 Security and Maintenance Release (wordpress.org)
WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.8.1 and earlier are affected by these security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).
In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the release notes or consult the list of changes.
The previous version of WordPress was 4.8 on August 3, 2017.
Our Website Maintenance Department will be in contact with you regarding these upgrades. Clients that have signed up for our Automatic WordPress Update Program or Website Care program will get their website updated in the next week or so or if a follow-up version of WordPress is released.
View the complete list of WordPress versions here.
Read more about why WordPress updates are important.
If you haven’t heard about our Website Care program, then you’re missing out on savings and peace of mind!
There are different levels to choose from but with each level, you get your installation of WordPress checked weekly for updates to the core software, plugins and themes. The benefit is that your website software is kept up to date. This work is done by hand and we test your website after the upgrade to make sure everything works like it should.
The program is either by monthly subscription or you can save 10% and pay for a year in advance. When you use this program you save about 40% on updating WordPress. It’s kind of a no-brainer!
Sleep better knowing that your website is being taken care of when you enroll in our Website Care program today!
-Tony
