The latest update released also fixes a total of nine bugs

Apr 9, 2014 07:48 GMT

WordPress 3.8.2 is available for download. The latest update is considered an important security release because it addresses a number of security-related issues.

One of the vulnerabilities addressed in WordPress 3.8.2 is a potential authentication cookie forgery (CVE-2014-0166), which an attacker can exploit to gain access to a site by forging authentication cookies. The flaw was discovered and fixed by Jon Cave, a member of the WordPress security team.

The second vulnerability is a privilege escalation (CVE-2014-0165) that can be leveraged by a user with the Contributor role to improperly publish posts. Edik has been credited with discovering and reporting the security hole.

In addition to these fixes, WordPress 3.8.2 contains three changes that harden security. One passes along additional information when processing pingbacks, so hosts can now identify potentially abusive requests.

The other two address a “low-impact SQL Injection by trusted users,” reported by Tom Adams of dxw, and a possible cross-domain scripting issue through Plupload, the third-party library used by WordPress for file uploads, identified by Szymon Gruszecki.

Nine functionality bugs have also been addressed. It’s worth noting that WordPress 3.7.2 contains the same security fixes as version 3.8.2. Older versions are no longer supported.

WordPress 3.9 is expected to be released next week.

You can download WordPress 3.8.2 from Softpedia.