On August 4, 2015, WordPress 3.9.8 was released to the public. This is a security update for all previous WordPress versions.
Installation/Update Information
To download WordPress 3.9.8, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the announcement post, WordPress 3.9.8 fixes three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site (CVE-2015-2213).
It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.
List of Files Revised
readme.html
wp-admin/about.php
wp-admin/includes/post.php
wp-admin/post.php
wp-includes/class-wp-customize-widgets.php
wp-includes/default-widgets.php
wp-includes/post.php
wp-includes/shortcodes.php
wp-includes/theme.php
wp-includes/version.php