- WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. <br/><br/> This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress security team.<br/><br/> It also contains a fix to prevent a user with the Contributor role from improperly publishing posts.<br/><br/> This release also fixes nine bugs and contains three other security hardening changes:<br/> <ul> <li> Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests. </li> <li> Fix a low-impact SQL injection by trusted users. Reported by Tom Adams of dxw. </li> <li> Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files. Reported by Szymon Gruszecki. </li> </ul>
- Upgrade to the latest version of WordPress.
- WordPress Plugin WP ULike Cross-Site Scripting (3.1)
- WordPress Plugin AllWebMenus WordPress Menu 'abspath' Parameter Remote File Include (1.1.3)
- Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.3)
- WordPress Plugin WP Glossary 'ajax.php' SQL Injection (0.1)
- WordPress Plugin UpdraftPlus Backup and Restoration Security Bypass (1.9.50)