WordPress issued a security release, version 4.7.3, and is now available for update.
This update addresses six security issues;
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
In addition to addressing the security vulnerabilities, WordPress 4.7.3 contains 39 maintenance fixes.
You can download this latest version from WordPress.org or update your existing install by going to your Dashboard > Updates, and clicking the link to update.
You can learn more about this security release here.
Since Current Photographer provides Managed WordPress Hosting, our clients don’t have to worry about upgrading their websites to version 4.7.3, because we take care of that for them. We backup the website files and database, run the core update, and then confirm the website is loading properly before going live. If we detect a problem, we’ll automatically roll it back to the state it was prior to the update and inform our clients of the issue. Automatic WordPress core updates is just one of the great features you get with our Hosting and Support plans.
*The Current Photographer website contains links to our affiliate partners. Purchasing products and services through these links helps support our efforts to bring you the quality information you love and there’s no additional cost to you.
Founder of Current Photographer, co-host of The Digital Photography Cafe Show, Designer, Photographer, and overall tech geek.