WordPress 4.8.2: The New Sheriff In Town

Website developers et al were fidgeting in their seats a day ago. As usual, the big day’s eve had seen rumors swirling around that WordPress would release ‘something’, and release they did.

WordPress, ever keen to act on feedback, stood tall and announced fixes for the 9 vulnerabilities that plagued its then-current version. These included:

  • $wpdb->prepare() could create unexpected and unsafe queries, leading to potential SQL injection (SQLi),
  • A cross-site scripting (XSS) vulnerability that was discovered in the oEmbed discovery, the visual editor, the plugin editor, template names and the link modal,
  • A path traversal vulnerability that was discovered in the file unzipping code and the customizer, and
  • An open redirect that was discovered on the user and term edit screens.

This prompted the release of WordPress 4.8.2, a security release for all previous versions that WordPress strongly encouraged users to install.

The good news doesn’t end there. 6 maintenance fixes also come with the package.

To install WordPress 4.8.2, update automatically from the Dashboard > Updates menu in your site’s admin area, or download it from https://wordpress.org/download/release-archive/ and update manually. We have run the update already, and we encourage our readers and partners to do the same, and to practice responsible disclosure when giving their feedback.

This newbie, together with SSL Certificates, would go a long way in ensuring our clients are secured in these perilous days we are living in. The new sheriff in town has arrived in the nick of time.
