WordPress Releases Critical Security Update for Versions 4.7.2 and Earlier

The WordPress March 2017 critical security update (4.7.3) fixes scripting vulnerabilities and five other security issues as well as 39 maintenance fixes.

The open-source content management system WordPress has released urgent security updates for versions 4.7.2 and earlier and “strongly encourages” users to update right away.

A Look at the WordPress March 2017 Critical Security Update

The new Version 4.7.3 contains system fixes to half a dozen security flows that allowed for:

  1. Cross-site scripting (XSS) via media file metadata,
  2. Control characters tricking redirect URL validation,
  3. Unintended files being deleted by administrators using the plugin deletion functionality,
  4. Cross-site scripting (XSS) via video URL in YouTube embeds,
  5. Cross-site scripting (XSS) via taxonomy term names,
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Version 4.7.3 also includes fixes for almost 40 maintenance issues.

If you are currently on version 4.7.2, you should immediately move to the newest version as some of these security issues can allow for, among other things, cross-site scripting and request forgery attacks.

Websites that support automatic update are already receiving the latest WordPress update while those that prefer manual updates should head over to Dashboard > Updates and simply click “Update Now.” You can also Download WordPress 4.7.3.

The new update comes sortly after WordPress admins were informed of a separate security crisis in NextGEN Gallery plugin.

Check Also

Defeating Cyber Attacks on Your Business Will Require Humans and Automation

To defeat cyber crime, humans and robots are going to have to learn to work …

Leave a Reply

Your email address will not be published. Required fields are marked *