WordPress issued a security/maintenance release, version 4.7.5, and is now available for update.
This update addresses six security issues;
- Insufficient redirect validation in the HTTP class.
- Improper handling of post meta data values in the XML-RPC API.
- Lack of capability checks for post meta data in the XML-RPC API.
- A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
In addition to addressing the security vulnerabilities, WordPress 4.7.5 contains 3 maintenance fixes.
WordPress is recommending that you update your website immediately, but before you do make sure you have a full backup copy of your website files and database. You can download this latest version from WordPress.org or update your existing install by going to your Dashboard > Updates, and clicking the link to update.
You can learn more about this security release here.
Since Current Media Group provides Managed WordPress Hosting, our clients don’t have to worry about upgrading their websites to version 4.7.5, because we take care of that for them. We backup the website files and database, run the core update, and then confirm the website is loading properly before going live. If we detect a problem, we’ll automatically roll it back to the state it was prior to the update and inform our clients of the issue. Automatic WordPress core updates is just one of the great features you get with our Hosting and Support plans.