WordPress Releases Critical Security Update for Versions 4.7.2 and Earlier

The WordPress March 2017 critical security update (4.7.3) fixes scripting vulnerabilities and five other security issues, and includes 39 maintenance fixes.

The open-source content management system WordPress has released urgent security updates for versions 4.7.2 and earlier and “strongly encourages” users to update right away.

A Look at the WordPress March 2017 Critical Security Update

The new version 4.7.3 contains fixes for half a dozen security flaws that allowed for:

  1. Cross-site scripting (XSS) via media file metadata,
  2. Control characters tricking redirect URL validation,
  3. Unintended files being deleted by administrators using the plugin deletion functionality,
  4. Cross-site scripting (XSS) via video URL in YouTube embeds,
  5. Cross-site scripting (XSS) via taxonomy term names,
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Version 4.7.3 also includes fixes for almost 40 maintenance issues.

If you are currently on version 4.7.2, you should immediately move to the newest version as some of these security issues can allow for, among other things, cross-site scripting and request forgery attacks.

Websites that support automatic updates are already receiving the latest WordPress update, while those that prefer manual updates should head over to Dashboard > Updates and simply click “Update Now.” You can also download WordPress 4.7.3.
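For anyone responsible for more than one site, the following added example (not part of the original article or of WordPress itself) walks a directory tree and flags every install older than 4.7.3. It relies on WordPress recording its release as `$wp_version` in `wp-includes/version.php`; the function names and the sample file contents are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 7, 3)  # first release containing the fixes, per the article

# WordPress records its release in wp-includes/version.php as: $wp_version = '4.7.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(version_php_text):
    """Return the $wp_version string from version.php contents, or None."""
    m = VERSION_RE.search(version_php_text)
    return m.group(1) if m else None


def version_tuple(version):
    """'4.7' -> (4, 7, 0); '4.8-beta1' -> (4, 8, 0). Suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p or 0) for p in m.groups())


def needs_update(version):
    """True when the version predates the 4.7.3 security release."""
    return version_tuple(version) < FIXED


def audit(root):
    """Return (install_dir, version, needs_update) for each install under root."""
    results = []
    for vfile in sorted(Path(root).glob("**/wp-includes/version.php")):
        version = parse_wp_version(vfile.read_text(errors="replace"))
        # An unreadable version string is reported as needing attention.
        stale = True if version is None else needs_update(version)
        results.append((vfile.parent.parent, version, stale))
    return results


# Constructed sample of a version.php file, for illustration only.
SAMPLE_VERSION_PHP = "<?php\n/** The WordPress version string */\n$wp_version = '4.7.2';\n"

if __name__ == "__main__":
    for path, version, stale in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'UPDATE' if stale else 'ok':6} {version or 'unknown':10} {path}")
```

Run it with the web root as the only argument; any line marked `UPDATE` is an install that still needs the 4.7.3 update.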

The new update comes shortly after WordPress admins were informed of a separate security crisis in the NextGEN Gallery plugin.

Antony Maina is a Staff Writer for Small Business Trends. His beat includes social media, general business reporting and exploring how people relate to technology. With a background in freelance writing, he is a contributor to other tech websites and can be found at Word4Bloggers.

4 Reactions
  1. Crazy how often they have to release these critical updates. Hackers move fast, so move faster keeping your sites up to date.

  2. This is an excellent security update. Same as the NextGen/Revslider exploits. As long as WordPress stays ahead of the issues, we’ll all be happy!

  3. With so many users, I love how WordPress still continues to update its platform. I guess this is the reason why it is the #1 blogging platform today.

  4. Thanks for this post. I believe there’d be much less HACKING successes if folks would only prepare their WordPress site BEFORE an attack happens. wplockdown.us