WordPress 4.7.3 Security Release

Posted by Andrei on March 07, 2017 in Security, WordPress

A new version of WordPress has just been released. WordPress 4.7.3 is the third in a series of recent security releases for WordPress core. The previous version, 4.7.2, was released on January 26th to fix a now-famous WordPress vulnerability.

The new 4.7.3 core release addresses three cross-site scripting vulnerabilities:

  • Cross-site scripting (XSS) via media file metadata.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.

Moreover, this latest version also fixed the following security issues:

  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site request forgery (CSRF) in “Press This” leading to excessive use of server resources.

WordPress 4.7.3 also contains 39 maintenance fixes for a range of non-security related issues.

We highly recommend that you upgrade to this new release as soon as possible. Because it fixes important security vulnerabilities, we may see attacks targeting these vulnerabilities in the coming days against websites that have not been updated to the latest version.

As you know, your website(s) should be updated automatically, but if you don’t want to wait, browse to Dashboard > Updates and click the Update Now button.
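To confirm that the update reached every site on a server, the following added example (not part of the original post or of WordPress itself) walks a directory tree and compares each core's version with 4.7.3. It assumes the stock core layout, where `wp-includes/version.php` sets `$wp_version`; the `/var/www` path and the sample tree are constructed for illustration.

```shell
# Added example: flag WordPress cores older than the fixed release (assumes stock layout).
FIXED_VERSION="4.7.3"

# Print the value assigned to $wp_version in the given version.php.
wp_version_of() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Succeed when version $1 is strictly older than $2. Components compare as numbers
# (4.10 is newer than 4.7.3), a missing one counts as 0, a "-beta1" suffix is ignored.
version_lt() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Report every core found under directory $1 as "<STATUS> <version> <path>".
audit_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_of "$f"); dir=${f%/wp-includes/version.php}
        if [ -z "$v" ]; then echo "UNKNOWN - $dir"
        elif version_lt "$v" "$FIXED_VERSION"; then echo "OUTDATED $v $dir"
        else echo "OK $v $dir"
        fi
    done
}

# Build a constructed sample tree (not real sites) and print its path.
make_sample_tree() {
    root=$(mktemp -d)
    for pair in old:4.7.2 new:4.7.3; do
        mkdir -p "$root/${pair%%:*}/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "${pair#*:}" > "$root/${pair%%:*}/wp-includes/version.php"
    done
    echo "$root"
}

# Usage: sh audit.sh /var/www (example path). With no argument, audit the sample tree.
if [ "$#" -gt 0 ]; then audit_wordpress "$1"
else sample=$(make_sample_tree); audit_wordpress "$sample"; rm -rf "$sample"; fi
```

Any line marked `OUTDATED` is a site where the automatic update has not landed and the Dashboard update should be run by hand.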
