WordPress.org

Codex

Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 3.7.2

On April 8, 2014, WordPress 3.8.2 was released to the public and WordPress 3.7.2 was released as a automatic security update for WordPress 3.7.1.

Installation/Update Information

To download WordPress 3.7.2, update automatically from the Dashboard > Updates menu in your site's admin area or visit http://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, this maintenance release addresses 9 bugs with version 3.7 and 3.7.1. It also fixes some security issues:

  • Potential authentication cookie forgery. CVE-2014-0166.
  • Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
  • (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
  • (Hardening) Fix a low-impact SQL injection by trusted users.
  • (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/includes/upgrade.php
wp-admin/includes/class-wp-upgrader.php
wp-admin/includes/update-core.php
wp-admin/includes/update.php
wp-admin/includes/post.php
wp-admin/includes/class-wp-posts-list-table.php
wp-includes/functions.php
wp-includes/update.php
wp-includes/js/plupload/plupload.silverlight.xap
wp-includes/pluggable.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/bookmark.php
wp-includes/option.php
wp-includes/version.php
wp-includes/cron.php
See also: other WordPress Versions.