
WPTavern: WordPress 4.7.3 Patches Six Security Vulnerabilities, Immediate Update Advised

WordPress 4.7.3 is now available with patches for six security vulnerabilities that affect version 4.7.2 and all previous versions. WordPress.org is strongly encouraging users to update their sites immediately.

The release includes fixes for three XSS vulnerabilities that affect media file metadata, video URLs in YouTube embeds, and taxonomy term names. It also includes patches for three other security issues:

  • Control characters can trick redirect URL validation
  • Unintended files can be deleted by administrators using the plugin deletion functionality
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources

These vulnerabilities were responsibly disclosed by a variety of sources contributing to WordPress security.

Version 4.7.3 is also a maintenance release with fixes for 39 issues. This includes a fix for an annoying bug that popped up after 4.7.1 where certain non-image files failed to upload, giving an error message that said: “Sorry, this file type is not permitted for security reasons.” Those who were negatively impacted have been waiting on this fix for two months.

WordPress sites that haven’t been updated have been subject to a rash of exploits during the last month after a WP REST API vulnerability was disclosed. Now that the patched vulnerabilities in 4.7.3 are public, it is only a matter of time before hackers begin exploiting sites that do not update. If you have auto-updates on, your site has probably already updated by now. If for some reason you have auto-updates disabled, you will want to manually update as soon as possible.



Source: WordPress
