WordPress 4.7.5 Security and Maintenance Release

WordPress announced today that WordPress 4.7.5 is now available for download. WordPress 4.7.5 is a Security and Maintenance release.

WordPress versions 4.7.4 and earlier are affected by six security issues:

  1. Insufficient redirect validation in the HTTP class.
  2. Improper handling of post meta data values in the XML-RPC API.
  3. Lack of capability checks for post meta data in the XML-RPC API.
  4. A Cross Site Request Forgery (CRSF)  vulnerability was discovered in the filesystem credentials dialog.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series.

All Zullo Media clients subscribed to our WordPress Support & Maintenance service have been updated successfully.

You can learn more about the update here: https://wordpress.org/news/2017/05/wordpress-4-7-5/


Founder & Lead Digital Strategist at Zullo Media.

No Comments

Post a Comment