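WordPress 4.8.2 has been released.
It includes 8 security fixes and 6 bug fixes.

A fix has been added to WordPress Core that protects plugins and themes from a $wpdb->prepare() vulnerability that could lead to SQL injection (SQLi).
The main fixes in v4.8.2 are as follows.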

  • $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  • A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery.
  • A cross-site scripting (XSS) vulnerability was discovered in the visual editor.
  • A path traversal vulnerability was discovered in the file unzipping code.
  • A cross-site scripting (XSS) vulnerability was discovered in the plugin editor.
  • An open redirect was discovered on the user and term edit screens.
  • A path traversal vulnerability was discovered in the customizer.
  • A cross-site scripting (XSS) vulnerability was discovered in template names.
  • A cross-site scripting (XSS) vulnerability was discovered in the link modal.

Reference

Version 4.8.2 release notes

