WordPress recently released version 3.8.2, which addresses several vulnerabilities that have been identified by the community.
The WordPress.org team characterizes this update as “an important security release for all previous versions” (emphasis added). WordPress users are strongly encouraged to update their sites in order to be protected from potential malicious attacks.
According to the statement from the WordPress Security team, “This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies.” That particular bug was quickly identified and fixed by the WordPress Security Team.
There is also a minor fix that solves an issue where someone with a Contributor role could improperly publish posts to a WordPress site.
The official WordPress 3.8.2 security statement says that nine additional bugs have been addressed in this update, along with further security hardening changes.
Specific fix callouts by the Security Team include:
- Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
- Fix a low-impact SQL injection by trusted users.
- Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.
The WordPress 3.8.3 security update is available now. If you’d like to find out more information about this security release, you can see the official release notes here, or reference the complete list of changes in the WordPress Core Tracker here.
As always, if you have any questions about setting up your own site’s updates, don’t hesitate to call a member of our support team. And if you’d prefer to let us completely handle your site upgrade, we’ll be happy to help.
Published: April 12, 2014 at 3:30 PM