WordPress 4.8.2, the security and maintenance release is out

Recently on 19 Sept, 2017, WordPress core version 4.8.2 is released for the general public. Actually this is a security and maintenance release and the updates are minor ones. For those people who have enabled the auto updates feature, their WordPress websites will be uploaded automatically. WordPress 4.8.2 features mainly nine security fixes which the WordPress website owners should apply. This year there have been total six updates featuring security fixes. The maintenance side of the update features six other software updates and focuses on the bit where we see five cross-site scripting (XSS) flaws which is a popular attack that refuses to die, directory traversal issues and the one covering an open redirect. Also there is precautionary hardening of the $wpdb->prepare() method for more safety. The WordPress plugin developer can understand this easily as how much important it is to write plugin code without any vulnerability. Actually the main problem is not the vulnerability in the core WordPress software but the main headache is the ecosystem which allows code of WordPress plugins and themes. WordPress states that WordPress core is not directly vulnerable to this security issue but we have added more hardening to prevent plugins and themes from causing a vulnerability. Although WordPress has a solid security operation but the large number of third party plugins and themes which offers many benefits to WordPress also add the vulnerability. Recently it was found that the Display Widget plugin which is used by more than 2,00,000 websites was taken off