Version 3.8.2

On April 8, 2014, WordPress 3.8.2 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 3.8.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, this maintaintance release addresses 9 bugs with version 3.8 and 3.8.1. It also fixes some security issues:

  • Potential authentication cookie forgery. CVE-2014-0166.
  • Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
  • (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
  • (Hardening) Fix a low-impact SQL injection by trusted users.
  • (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

List of Files Revised

* wp-admin/about.php 
* wp-admin/themes.php
* wp-admin/includes/post.php
* wp-admin/includes/class-wp-posts-list-table.php
* wp-admin/includes/class-wp-upgrader.php
* wp-includes/class-wp-xmlrpc-server.php
* wp-includes/bookmark.php
* wp-includes/query.php
* wp-includes/pluggable.php
* wp-includes/post-template.php
* wp-includes/update.php
* wp-includes/version.php
* wp-includes/js/plupload/plupload.silverlight.xap
* readme.html

First published

Last updated