WordPress issued a security release, version 4.7.3, and is now available for update.
This update addresses six security issues;
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
In addition to addressing the security vulnerabilities, WordPress 4.7.3 contains 39 maintenance fixes.
You can download this latest version from WordPress.org or update your existing install by going to your Dashboard > Updates, and clicking the link to update.
You can learn more about this security release here.
Since Current Media Group provides Managed WordPress Hosting, our clients don’t have to worry about upgrading their websites to version 4.7.3, because we take care of that for them. We backup the website files and database, run the core update, and then confirm the website is loading properly before going live. If we detect a problem, we’ll automatically roll it back to the state it was prior to the update and inform our clients of the issue. Automatic WordPress core updates is just one of the great features you get with our Hosting and Support plans.
