WordPress has released its latest version 4.8.2 on September 19, 2017 including 9 important security issues fixes.
The WordPress development team has released the 4.8.2 version which fixes the flaw:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi).
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor.
- A path traversal vulnerability was discovered in the file unzipping code.
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor.
- An open redirect was discovered on the user and term edit screens.
- and 3 others: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
An Open Redirect attack allows hackers to redirect your visitors to an external website which might risk of phishing. Previous WordPress versions are by this vulnerability and we strongly encourage you to upgrade your WordPress sites immediately.
How to update WordPress 4.8.2?
Manually: Log into your WordPress Dashboard, click the “Update Now” button to update.
Automatically: Sites that support automatic background updates will be automatically updated to the latest version within a few hours after the release.
If you need any support to update this new version or install a WordPress site, feel free to our WordPress team for maintenance!