WordPress has issued a security release, version 4.7.2, which is now available for update.
This update addresses three security issues:
- The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
You can download this latest version from WordPress.org or update your existing install by going to your Dashboard > Updates, and clicking the link to update.
You can learn more about this security release here.
Since Current Media Group provides Managed WordPress Hosting, our clients don’t have to worry about upgrading their websites to version 4.7.2, because we take care of that for them. We back up the website files and database, run the core update, and then confirm the website is loading properly before going live. If we detect a problem, we’ll automatically roll it back to the state it was in prior to the update and inform our clients of the issue. Automatic WordPress core updates are just one of the great features you get with our Hosting and Support plans.