WordPress 3.8.2 security release

  • WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. <br/><br/> This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress security team.<br/><br/> It also contains a fix to prevent a user with the Contributor role from improperly publishing posts.<br/><br/> This release also fixes nine bugs and contains three other security hardening changes:<br/> <ul> <li> Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests. </li> <li> Fix a low-impact SQL injection by trusted users. Reported by Tom Adams of dxw. </li> <li> Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files. Reported by Szymon Gruszecki. </li> </ul>
  • Upgrade to the latest version of WordPress.