On September 19, WordPress released a new Security and Maintenance Update.

Needless to say: if you are a WordPress website owner, you should update now, if you didn’t already. Also, be sure to backup your website, if you didn’t do it recently!

To Backup your website is always important before installing Core updates. This prevents issues (such as your website becoming broken or unbrowsable) from rising, especially with Plugins, as they may not always be 100% compatible with the new version.

Need help with your WordPress Backup and Update? Contact us!

What does WordPress 4.8.2 update fix?

Cross-site scripting vulnerabilities (XSS), mostly.
This is a short list of the main bugs that have been found and that the 4.8.2 update fixes, along with a brief explanation, where needed:

• Cross-site scripting (XSS) vulnerabilities were discovered:
  • in the oEmbed discovery;
  • in the visual editor;
  • in the plugin editor;
  • in template names;
  • in the link modal.

XSS is a kind of vulnerability used to bypass websites’ access controls.

• Path traversal vulnerabilities were discovered:
  • in the file unzipping code;
  • in the customizer.

A path traversal attack (aka directory traversal attack) aims to access files and directories that are stored outside the web root folder.

• An open redirect was discovered on the user and term edit screens.

Through open redirects an attacker may successfully launch a phishing scam and steal user credentials. This can happen by redirecting the victim to links identical to the original site, so to have a more trustworthy appearance.

There are other 7 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.8.2 directly from their website.

We are available to chat with you over these and other WordPress related issues anytime. Contact us!