WordPress 2.8.2 Available for Download

The WordPress team has released a security update for the world’s best blogging software (John Chow dot Com is a featured WordPress Showcase blog). Anyone running WordPress 2.8 or 2.8.1 should upgrade to this latest version right away.

WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
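To show what sanitizing a comment author URL before displaying it involves, here is an added example; it is not WordPress core code and not the 2.8.2 patch. The function names `safe_author_url` and `render_author_cell` are hypothetical, the sample inputs are constructed, and the only assumption is that the URL ends up in an `href` attribute of an admin comment list.

```php
<?php
// Added example, not WordPress core code; function names are hypothetical.

// Return the URL if it is an absolute http(s) URL, otherwise an empty string.
function safe_author_url(string $raw): string
{
    // Browsers ignore control characters and whitespace inside a scheme,
    // so remove them before inspecting it.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $raw) ?? '';
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return '';
    }
    // Allowlist the scheme; everything else (javascript:, data:, ...) is dropped.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    return $url;
}

// Build the author cell for an admin comment list.
function render_author_cell(string $author, string $raw_url): string
{
    $name = htmlspecialchars($author, ENT_QUOTES, 'UTF-8');
    $url  = safe_author_url($raw_url);
    if ($url === '') {
        return $name; // no link at all rather than a doubtful one
    }
    // Escape for the attribute context so quotes cannot close href="...".
    $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow noopener">' . $name . '</a>';
}

// Constructed sample inputs: a normal URL, a disguised non-http scheme,
// a URL carrying a quote, and a missing URL with markup in the name.
$samples = [
    ['Alice',  'https://example.org/blog'],
    ['Bob',    "java\tscript:void(0)"],
    ['Carol',  'http://example.org/" onmouseover="x'],
    ['<b>Dan', ''],
];
foreach ($samples as [$author, $url]) {
    echo render_author_cell($author, $url), PHP_EOL;
}
```

Inside WordPress itself, the built-in `esc_url()` and `esc_attr()` helpers are the functions to use for these two steps.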

The upgrade changes only 10 files and doesn’t touch the database. A simple upload and replace is all that’s required. Or you can use the auto upgrade feature built into the WordPress software.

Download WordPress 2.8.2

45 thoughts on “WordPress 2.8.2 Available for Download”

  1. Thanks for the heads-up, John.


    Andrew – We Build Your Blog’s last blog post: what is the point of Guest Posting your Articles

    1. The XSS vulnerability could be used to create comment author URLs that would redirect the system administrator away from the blog’s website to another site to exploit the situation. WordPress webmasters are encouraged to update their blogs as soon as possible to patch the security vulnerability.

      There was also a report of upgrading issues with WordPress 2.8 some days ago, which has been fixed. Note that if you are using WordPress 2.7.1 you do not have to upgrade at all cost. However, if you are using WordPress 2.8 or 2.8.1 you SHOULD do it right now.

      1. I do have 2.7.1, I better keep it like that. I am not that brave to upgrade now.

        Marketing Business Review’s last blog post: 3 Tips To Create Awesome Headlines That Sell

        1. You must update your blog to 2.8.2 for security reasons. Are you still doing it the old-fashioned way? It’s auto update now.

          Shanker Bakshi’s last blog post: Google Analytics Plugin For WordPress

  2. Just upgraded… thanks for the heads up.

    Chris Jacobson’s last blog post: How to Guilt Customers into Clicking Your Facebook Ad

  3. Gennice says:

    Great! I hope this one fixes some of the bugs I had with some plugins…

    Gennice’s last blog post: Download Opera 10 Beta 2 (Codename – Peregrine)

    1. Haha, it usually creates more bugs with the plugins once it’s upgraded; we shall see how it goes on my blog.

      Mohamad Faisal’s last blog post: My first pay with Revenuloop

  4. Lee Ka Hoong says:

    Thanks for telling us about this John! I’m going to upgrade my blog now..


  5. S.K Sharma says:

    Thanks for sharing this information because after your updates on Twitter I updated my older version which was released on 9 July 2009.
    Hope the new version 2.8.2 will work properly with no bugs.

    S.K Sharma’s last blog post: WordPress Released New Version WordPress 2.8.2

    1. And you already know it, Mr. Sharma, as per your last post.

      Shanker Bakshi’s last blog post: Google Analytics Plugin For WordPress

      1. Make money says:

        He’s right. Then what’s the thanks for? Or maybe you learned it from Twitter and then wrote about it and then commented. Hmm..

  6. WP Themes says:

    My site is still running on the latest 2.71.

    How did you find out that it was only 10 files that were updated?

    WP Themes’s last blog post: WordPress 2.8.2 Released – XSS Vulnerability

  7. fas says:

    Thanks, John! I’m going to go upgrade now. I was having some plugin problems; I hope they are fixed now.

  8. Brad says:

    I JUST updated my blog last night to the newest version…. now I had to update it again…. arrrrrgggh

    Brad’s last blog post: Alex Jeffreys Coaching Reviewed

  9. Ben Pei says:

    Lol John, you’re quick. Just upgraded!

    Ben Pei’s last blog post: Ben Pei Has A New Look And New Logo

  10. Lance says:

    XSS is one of the most common uses of site vulnerabilities and can be used on a number of web based applications. That is normally tied into drive by downloads of malware which infects a system. Most people don’t realise this has happened and they only find out after their bank accounts are affected.

    Although browser security is increasing this does happen very frequently.

    John I just started reading your ebook, excellent job.

    I made the mistake of testing free content creation for my blog and stopped it as I didn’t like the way content was created and was not in control of it.

    Kontera have denied my application. If I remove the generated content will they accept my application? I have been considering it, but it looks like my overall feeling is that you must stay away from it.

  11. Thanks for reminding!

    Ridiculous blogger’s last blog post: Be happy with a drop domain

  12. I have begun to update my sites. Seems like a very unlikely event that the security hole will be utilized by a spammer.

    Reverse Cell Phone Lookup’s last blog post: AmazonWireless in Full Swing

  13. Jeremy Young says:

    Thanks John, just wish WordPress would give the plugins time to upgrade. I’m still waiting for plugin updates for 2.8.1

    Jeremy Young’s last blog post: What Is A Url?

  14. Asswass says:

    It seems like they launch a new version every month. They launch a version with bugs and then they launch a new version to fix those bugs :S.

    Asswass’s last blog post: How Interlinking got me 30% more traffic from Google

    1. Benjamin Cip says:

      Yes, that’s exactly how I feel! I upgraded to 2.8.2… I thought it was a bug before I saw the last number was 2 instead of 1. Well, I just hope everything will run well with this last version. Recently a link (widget) appeared on my sidebar, and I haven’t been able to remove it… I’m wondering what’s happened.

      Benjamin Cip’s last blog post: My “31 Days to Building a Better Blog” Review

      1. Hi Benjamin,

        I would not be so sure. I will keep it with 2.7.1 until all of you have tested fully.

        Marketing Business Review’s last blog post: 3 Tips To Create Awesome Headlines That Sell

  15. Cam Birch says:

    How crazy is that, just upgraded to 2.8.1 and now have to upgrade again. At least I finally fixed the plugin problems I have been having with 2.8 and everything is running fine. Gotta love crazy wordpress updates.

    Cam Birch’s last blog post: GST And How To Profit From It

  16. Greg Ellison says:

    I am glad that they are actively working on WordPress. I am happy to upgrade. Thanks for the heads up John. Greg Ellison

    Greg Ellison’s last blog post: My First Squidoo lense with substance

  17. EarningStep says:

    I already use it… I found more features than in the 2.8 version.

    EarningStep’s last blog post: Microsoft Bing | from search engine to Decision engine

  18. Mike Wayne says:

    Thanks for the update John, saw the link on Facebook. I’m always two versions behind anyway :) I need to update to WordPress MU so I can update all my WordPress blogs at once!

    Mike Wayne’s last blog post: Content Management Systems in Plain English

  19. Ghostwriter says:

    I’ve got to keep checking on WordPress. They’ve released updates pretty often. Thanks John.

  20. I was just looking at this tonight. Will plan to do this as soon as possible now that other top bloggers are recommending it. Two words for anyone planning to upgrade: “Back up”.

    DAnthony – financiallyeliteblog.com’s last blog post: Learn to work with others

  21. Oops, not again, but yes this is a bit crucial

    Shanker Bakshi’s last blog post: Google Analytics Plugin For WordPress

  22. What? I have waited weeks (months?) before upgrading to 2.8 because I was wary it might contain bugs that could mess up my fragile blog. Then, just when I thought the water is clear, here comes this ‘not fully sanitized’ issue.

    Anyway, thanks JC for this prompt notice.

    james moralde’s last blog post: Book Review: How to be Happy and Have Fun Changing the World

    1. This is also the reason why I don’t like to upgrade my blog every time a new version arrives.

      Ridiculous blogger’s last blog post: Would you upgrade your blog to WordPress 2.8.2?

  23. fas says:

    I think this is available since around a week now.

    fas’s last blog post: Easy Ways To Earn Money From Google

  24. Thanks – have just updated to WordPress 2.8.2, I now always update to the latest version of WordPress (and backup my database frequently)… after a few bad experiences 🙁

    Joel Annesley’s last blog post: Using Webinars to Promote Your Creativity Online

  25. Derrick says:

    Hey John

    Thanks for updating us on this issue, it should fix that XSS vulnerability.


    Derrick’s last blog post: Generate Traffic By Posting on Forums

  26. game-girl says:

    I am not so quick but feel the time has come to upgrade.

    game-girl’s last blog post: Matt Damon and Emily Blunt to Star in the Film “The Bureau”

  27. fas says:

    Was this the reason why the WordPress.org site was down? Best to update the blog then.

  28. Because of this I always wait for a while to upgrade my blog to latest version. As I knew you will get new version very soon.

  29. It is a hassle to keep up with upgrades on your blogs, but don’t overlook it! I had a bunch of old blogs I didn’t upgrade for some time, and they were exploited.

  30. Torrey says:

    Just upgraded, like taking candy from a baby, well maybe not my son, but thanks…

  31. Make money says:

    Wow, just checked at wordpress.org/showcase and you’re there. I thought of submitting my site (lol) before I read the strict conditions. I’ll quote:

    * Using WordPress in a unique or innovative way.
    * Attracting tens of thousands of regular readers.
    * Being written by someone famous or especially notable in his or her particular field.
    * Representing a notable organization, government entity, or corporation as an official blog or web site.

    I don’t think I have any of those. Lol!

  32. Custom Essay says:

    I don’t wanna go through the auto way of updating. Is there any link on the WordPress website which provides a list of the files that need to be updated?


  33. I’m upgraded and waiting for the next update.

  34. I upgraded recently too. Mine was a skip upgrade from 2.8 to 2.8.2 (I had earlier missed the 2.8.1 version). Luckily no one exploited those holes which were lying there for some time.

Comments are closed.