WordPress has just released a Security and Maintenance Update. The new version is WordPress 4.7.5. It’s important that you confirm that your website has been automatically updated.
Update WordPress to 4.7.5
This latest release addresses 6 security issues and resolves 3 maintenance issues. Note that your website should have automatically updated to the latest version unless you disabled the auto-update feature.
Here are the 6 Security issues that were resolved:
- Insufficient redirect validation in the HTTP class.
- Improper handling of post meta data values in the XML-RPC API.
- Lack of capability checks for post meta data in the XML-RPC API.
- A cross-site request forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
Most of these issues can be dealt with if you use a security plugin like iThemes Security and disable and limit XML-RPC and other settings. I created a video on how to properly set up iThemes Security; check it out on my YouTube channel.
Here’s a list of the files that were updated with this latest release.
wp-admin/includes/file.php
wp-admin/js/common.js
wp-admin/js/common.min.js
wp-admin/js/customize-controls.js
wp-admin/js/customize-controls.min.js
wp-admin/js/updates.js
wp-admin/js/updates.min.js
wp-admin/about.php
wp-admin/customize.php
wp-content/plugins/akismet/_inc/img/logo-full-2x.jpg
wp-content/plugins/akismet/_inc/akismet.css
wp-content/plugins/akismet/_inc/akismet.js
wp-content/plugins/akismet/akismet.php
wp-content/plugins/akismet/class.akismet.php
wp-content/plugins/akismet/readme.txt
wp-includes/js/plupload/handlers.js
wp-includes/js/plupload/handlers.min.js
wp-includes/js/wp-api.js
wp-includes/js/wp-api.min.js
wp-includes/class-http.php
wp-includes/class-wp-customize-manager.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/taxonomy.php
wp-includes/version.php
Log into your website and make sure you’re running the latest version of WordPress and spread the word by sharing this article and video.
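If you have filesystem access to the install, the same check can be scripted. The following is an added example, not code from WordPress or from this post: it reads `$wp_version` from `wp-includes/version.php` (one of the files listed above) and looks in `wp-config.php` for the WordPress constants `AUTOMATIC_UPDATER_DISABLED` and `WP_AUTO_UPDATE_CORE` set to values that turn core auto-updates off. The function names are hypothetical, the sample sites are constructed, and it assumes any version below 4.7.5 needs updating.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 7, 5)  # the release named in this post
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](AUTOMATIC_UPDATER_DISABLED|WP_AUTO_UPDATE_CORE)['"]"""
    r"""\s*,\s*['"]?(\w+)['"]?\s*\)""", re.M)
# Values that switch core auto-updates off for each constant.
OFF = {"AUTOMATIC_UPDATER_DISABLED": {"true", "1"},
       "WP_AUTO_UPDATE_CORE": {"false", "0"}}

def version_tuple(text):
    """'4.7.5' -> (4, 7, 5); '4.7' -> (4, 7, 0); suffixes like '-beta1' ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(wp_root):
    """Return (installed_version, is_patched, constants_blocking_auto_update)."""
    root = Path(wp_root)
    m = VERSION_RE.search((root / "wp-includes" / "version.php").read_text())
    if not m:
        raise ValueError("no $wp_version assignment found in version.php")
    blockers = []
    # WordPress also accepts wp-config.php one directory above the install.
    for cfg in (root / "wp-config.php", root.parent / "wp-config.php"):
        if cfg.is_file():
            # Lines commented out with // or # do not match (block comments might).
            blockers = [name for name, val in DEFINE_RE.findall(cfg.read_text())
                        if val.lower() in OFF[name]]
            break
    return m.group(1), version_tuple(m.group(1)) >= FIXED, blockers

def make_sample_site(root, version, config_lines):
    """Write a constructed, minimal WordPress-like tree for the demo."""
    root = Path(root)
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text(
        f"<?php\n$wp_version = '{version}';\n")
    (root / "wp-config.php").write_text("<?php\n" + "\n".join(config_lines) + "\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        stale = make_sample_site(Path(tmp) / "stale", "4.7.4",
                                 ["define( 'WP_AUTO_UPDATE_CORE', false );"])
        fresh = make_sample_site(Path(tmp) / "fresh", "4.7.5",
                                 ["// define( 'AUTOMATIC_UPDATER_DISABLED', true );"])
        for site in (stale, fresh):
            print(site.name, audit(site))
```

To check a real site, call `audit()` with the path to its WordPress root; an unpatched version together with a non-empty blocker list means the site will not pick up the release on its own.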