WordPress 4.8.2 Released

WordPress 4.8.2 is the second security release under the 4.8 release of WordPress. This fixes some core issues, as well as the following:

  • $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.

The $wpdb->prepare prepares database queries and as noted, does not directly affect the core. This fix makes it more difficult for add-on items like themes and plugins to cause a vulnerability.

There are additional items fixed by this security release and a list of what is fixed by WordPress 4.8.2 Security release is provided by the good folks at WordPress.

Bravo to the WordPress team for being on top of security issues, as they are discovered. Remember that WordPress is open source and there is a wide community looking out for us. Make sure your site is kept up-to-date, not just with the core, but also plugins and themes. And if you are signed up for my site management through me, you are covered.

 

Leave a Reply

Your email address will not be published. Required fields are marked *