The open-source content management system WordPress has released urgent security updates for versions 4.7.2 and earlier and “strongly encourages” users to update right away.
A Look at the WordPress March 2017 Critical Security Update
The new Version 4.7.3 contains system fixes to half a dozen security flows that allowed for:
- Cross-site scripting (XSS) via media file metadata,
- Control characters tricking redirect URL validation,
- Unintended files being deleted by administrators using the plugin deletion functionality,
- Cross-site scripting (XSS) via video URL in YouTube embeds,
- Cross-site scripting (XSS) via taxonomy term names,
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
Version 4.7.3 also includes fixes for almost 40 maintenance issues.
If you are currently on version 4.7.2, you should immediately move to the newest version as some of these security issues can allow for, among other things, cross-site scripting and request forgery attacks.
Websites that support automatic update are already receiving the latest WordPress update while those that prefer manual updates should head over to Dashboard > Updates and simply click “Update Now.” You can also Download WordPress 4.7.3.
The new update comes sortly after WordPress admins were informed of a separate security crisis in NextGEN Gallery plugin.
WordPress Photo via Shutterstock
Crazy how often they have to release these critical updates. Hackers more fast, so move faster keeping your sites up to date.
This is an excellent security update. Same as the NextGen/Revslider exploits. As long as WordPress stays ahead of the issues, we’ll all be happy!
With so many users, I love how WordPress still continues to update its platform. I guess this is the reason why it is the #1 blogging platform today.
Thanks for this post. I believe there’d be much less HACKING successes if folks would only prepare their WordPress site BEFORE an attack happens. wplockdown.us