{"id":1200,"date":"2017-01-12T17:32:30","date_gmt":"2017-01-12T17:32:30","guid":{"rendered":"http:\/\/ukwebsolutionsdirect.co.uk\/blog\/?p=1200"},"modified":"2017-01-12T17:32:30","modified_gmt":"2017-01-12T17:32:30","slug":"wordpress-4-7-1-security-release","status":"publish","type":"post","link":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wordpress-hosting\/wordpress-4-7-1-security-release","title":{"rendered":"WordPress 4.7.1 Security Release"},"content":{"rendered":"<p>WordPress just released its latest version 4.7.1 as a\u00a0security and maintenance release\u00a0for all previous versions. We advise all our users to update to the latest version as soon as possible.<\/p>\n<p>This security release fixes eight security issues that were reported after the release of the major version in December 2016. The version also fixes over sixty bugs from the previous version 4.7.<\/p>\n<p>Here\u2019s the list of all eight main security issues as listed\u00a0on the <strong><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/wordpress.org\/news\/2017\/01\/wordpress-4-7-1-security-and-maintenance-release\/\" target=\"_blank\">WordPress blog<\/a> <\/span><\/strong>for the latest update.<\/p>\n<ul>\n<li>PHPMailer update fixing remote code execution (RCE) \u2013 WordPress uses the PHPMailer library as the basis for its email functionality.<\/li>\n<li>The REST API exposed user data for all users who had authored a post of a public post type. 
WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.<\/li>\n<li>Cross-site scripting (XSS) via the plugin name or version header on update-core.php.<\/li>\n<li>Cross-site request forgery (CSRF) bypass via uploading a Flash file.<\/li>\n<li>Cross-site scripting (XSS) via theme name fallback.<\/li>\n<li>Post via email checks mail.example.com if default settings aren\u2019t changed.<\/li>\n<li>A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.<\/li>\n<li>Weak cryptographic security for multisite activation key.<\/li>\n<\/ul>\n<p>The update includes fixes to the bundled theme, Comments, Customizer, Editor, HTTP API, Media, and REST API among others. Please see the complete list of bug fixes on\u00a0<strong><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/codex.wordpress.org\/Version_4.7.1\" target=\"_blank\">the codex page<\/a>\u00a0<\/span><\/strong>for the 4.7.1 update.<\/p>\n<p>Your website should be automatically updated, but if you don\u2019t want to wait, browse to Dashboard &gt; Updates and click the Update Now button.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress just released its latest version 4.7.1 as a\u00a0security and maintenance release\u00a0for all previous versions. We advise all our users to update to the latest version as soon as possible. This security release fixes eight security issues that were reported after the release of the major version in December 2016. 
The version also fixes over [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[97],"tags":[42,209],"_links":{"self":[{"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1200"}],"collection":[{"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=1200"}],"version-history":[{"count":1,"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1200\/revisions"}],"predecessor-version":[{"id":1201,"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1200\/revisions\/1201"}],"wp:attachment":[{"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=1200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=1200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ukwebsolutionsdirect.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=1200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}