WordPress.org

Codex

Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 3.8.2

On April 8, 2014, WordPress 3.8.2 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 3.8.2, update automatically from the Dashboard > Updates menu in your site's admin area or visit http://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, this maintaintance release addresses 9 bugs with version 3.8 and 3.8.1. It also fixes some security issues:

  • Potential authentication cookie forgery. CVE-2014-0166.
  • Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
  • (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
  • (Hardening) Fix a low-impact SQL injection by trusted users.
  • (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

List of Files Revised

* wp-admin/about.php
* wp-admin/themes.php
* wp-admin/includes/post.php
* wp-admin/includes/class-wp-posts-list-table.php
* wp-admin/includes/class-wp-upgrader.php
* wp-includes/class-wp-xmlrpc-server.php
* wp-includes/bookmark.php
* wp-includes/query.php
* wp-includes/pluggable.php
* wp-includes/post-template.php
* wp-includes/update.php
* wp-includes/version.php
* wp-includes/js/plupload/plupload.silverlight.xap
* readme.html
See also: other WordPress Versions.