Despite that it is their fault, a release is as is. Because nobody is perfect. I have yet to find a software online or offline that didn't have security problems. This is why there are incremental version releases. 3.8.2 is multiple versions behind and you could do a full upgrade. Which is available to you as long as the download access allows this. Security patches ARE free downloads, but they are only valid for the version they're made for.

Until vBulletin Solutions changes their license agreement and charge per branch, you can download basically every version available to you within the period your license grants you download access, which is 12 months. The upgrade fee is $60, at the moment, and early renewers get a $20 discount.

Unlike other companies who charge from 3.6 to 3.7 for example, vBulletin has always allowed 'whichever version is currently the latest'. And give you 12 months download access where within this is valid. that's quite flexible.

None.

Those patches are only functional for their respective Versions (eg. 3.8.1, 3.8.3 and 3.8.4).

What you can do:
Download the patches for 3.8.3 and 3.8.4, compare them with your 3.8.2 files - and merge those changes that were done to fix the security issues (though this requires a fair amout of programming knowledge).

This should not be true because XSS flaw is not our fault. It is the fault of the Vbulletin program writers.

Even my licence expired I should have a patch only to correct this Xss Flaw issue.

So please someone tell us which of the below patches we should use for the version 3.8.2

• Security patch: 3.8.4 PL1
• Security patch for 3.8.3 (included in 3.8.4+)
• Security patch: 3.8.1 PL1

Thanks in advance.

You can't. You have to renew your license.