WordPress 4.8.2 Security Update

·

·

WordPress 4.8.2 contains fixes for multiple vulnerabilities, therefore it’s recommended to be installed as fast as possible. The fixed security issues are:

  • $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi), that’s why the WordPress Core was hardened to prevent vulnerabilities through plugins.
  • A cross-site scripting (XSS) vulnerability was discovered and fixed in the oEmbed discovery.
  • Another XSS vulnerability was discovered and fixed in the visual editor as well in the plugin editor.
  • A path traversal vulnerability was fixed in the file unzipping code.
  • An open redirect was discovered on the user and term edit screens.
  • A path traversal vulnerability was found in the customizer.
  • Further cross-site scripting vulnerabilities were discovered and fixed in template names and the link modal.

Create a backup before installing updates!

(Beitragsbild von monsitj)