WordPress 4.8.2 contains fixes for multiple vulnerabilities, therefore it’s recommended to be installed as fast as possible. The fixed security issues are:
$wpdb->prepare()can create unexpected and unsafe queries leading to potential SQL injection (SQLi), that’s why the WordPress Core was hardened to prevent vulnerabilities through plugins.- A cross-site scripting (XSS) vulnerability was discovered and fixed in the oEmbed discovery.
- Another XSS vulnerability was discovered and fixed in the visual editor as well in the plugin editor.
- A path traversal vulnerability was fixed in the file unzipping code.
- An open redirect was discovered on the user and term edit screens.
- A path traversal vulnerability was found in the customizer.
- Further cross-site scripting vulnerabilities were discovered and fixed in template names and the link modal.
Create a backup before installing updates!
(Beitragsbild von monsitj)
