WordPress 3.8.2 was released yesterday which contains some important security fixes. This is an important security release and the Debian packages were uploaded to the ftp-master a few minutes ago.
Besides fixing Debian Bug #744018, the release fixes the following two vulnerabilities (as mentioned in the bug report):
- CVE-2014-0165 WordPress privilege escalation: prevent contributors from publishing posts
- CVE-2014-0166 WordPress potential authentication cookie forgery
I recommend if you use the Debian package to upgrade as soon as it is available.
Related articles
- WordPress 3.8.2 Addresses 2 Vulnerabilities, Includes 3 Security Hardening Changes (news.softpedia.com)
- WordPress 3.8.2 now available to download and install (thewayoftheweb.net)
Leave a Reply