WordPress v4.8.2 security maintenance release

Well-known content management system WordPress has now released 4.8.2 security maintenance version, the version of the main components of the repair vulnerabilities. Based on security considerations It is recommended to use the WordPress site as soon as possible to upgrade to the latest version, the new version has been strengthened on the third-party plug-in vulnerability defense. Also after this update, the text gadget has been able to recognize the HTML code, but using the text gadget to add the HTML code will not be displayed in the foreground.

In the previous version of the change has been added to the custom HTML gadget, so if you need to show the HTML code in the foreground sidebar, please update to v4.8 version of the use of custom HTML code small toolbar to add.

WordPress v4.8.2 update log:

1, a function may lead to potential SQL injection, although WordPress is not vulnerable to the vulnerability, other plug-ins may be affected;

2, the new version has been strengthened on the existence of third-party plug-in vulnerability to defense, but also on the subject of loopholes in security defense;

3, the version has been fixed oEmbed found in the XSS cross-site scripting vulnerability, submitted by the WordPress security team xKnown;

4, the version has been fixed in the visual editor XSS cross-site scripting vulnerability, by Rodolfo Assis to submit the vulnerability;

5, the version has been repaired in the process of extracting the traversal path loopholes in the process, the vulnerability submitted by Alex Chapman;

6, the version has been fixed in the plug-in editor exists in the XSS cross-site scripting vulnerability, the vulnerability submitted by Chen Ruiqi;

7, which has fixed a redirect problem with the user and the term editing interface, which was submitted by Yasin Soliman;

8, the version has been fixed custom procedures exist in the traversal path vulnerability, the vulnerability by the WordPress security team Weston Ruter submitted;

9, the version has been fixed in the template name exists in the XSS cross-site scripting vulnerability, the vulnerability submitted by Luka;

10, the version has been fixed in the dynamic link library exists XSS cross-site scripting vulnerability, the vulnerability submitted by Anas Roubi;

In addition, WordPress v4.8.2 version will Twemoji upgrade to v2.5.0 version, the version has been solved part of the Emoji expression rendering problem.

Download

Leave a Reply

Your email address will not be published. Required fields are marked *