WordPress 4.7.1 Update

The WordPress team has been hard at work fixing 69 issues: 8 security issues and 61 bugs. Most sites should be updated automatically, but if yours hasn’t been yet, log into your website and update immediately.

8 Security Patches

  1. Remote Code Execution in PHPMailer has been patched.
  2. The REST API has been patched to deal with exposed user data.
  3. Cross-site scripting (XSS) via the plugin header and the update-core.php file, first reported by Dominik Schilling of the WordPress Security Team.
  4. Cross-site scripting (XSS) via theme name fallback.
  5. Cross-site request forgery (CSRF) bypass while uploading a Flash file.
  6. Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  8. Weak cryptographic security for multisite activation key.

Here is a complete list of the files that have been updated:

  • wp-includes/class-wp-editor.php
  • wp-includes/class-wp-theme.php
  • wp-includes/class-wp-image-editor-imagick.php
  • wp-includes/class-phpmailer.php
  • wp-includes/version.php
  • wp-includes/customize/class-wp-customize-selective-refresh.php
  • wp-includes/customize/class-wp-customize-custom-css-setting.php
  • wp-includes/script-loader.php
  • wp-includes/feed-rss2.php
  • wp-includes/post-template.php
  • wp-includes/theme.php
  • wp-includes/functions.php
  • wp-includes/media.php
  • wp-includes/class-wp-customize-manager.php
  • wp-includes/js/customize-selective-refresh.min.js
  • wp-includes/js/customize-preview.js
  • wp-includes/js/wplink.js
  • wp-includes/js/customize-preview-nav-menus.js
  • wp-includes/js/wp-api.min.js
  • wp-includes/js/customize-selective-refresh.js
  • wp-includes/js/wp-api.js
  • wp-includes/js/customize-preview.min.js
  • wp-includes/js/wplink.min.js
  • wp-includes/js/customize-preview-nav-menus.min.js
  • wp-includes/default-filters.php
  • wp-includes/feed.php
  • wp-includes/class-wp-customize-nav-menus.php
  • wp-includes/ms-functions.php
  • wp-includes/comment.php
  • wp-includes/class-wp-customize-widgets.php
  • wp-includes/taxonomy.php
  • wp-includes/post.php
  • wp-includes/rest-api/class-wp-rest-request.php
  • wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
  • wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
  • wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
  • wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
  • wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
  • wp-includes/load.php
  • wp-includes/class-smtp.php
  • wp-includes/css/customize-preview.min.css
  • wp-includes/css/customize-preview-rtl.css
  • wp-includes/css/customize-preview-rtl.min.css
  • wp-includes/css/customize-preview.css
  • wp-mail.php
  • wp-content/themes/twentyseventeen/README.txt
  • wp-content/themes/twentyseventeen/style.css
  • wp-content/themes/twentyseventeen/functions.php
  • wp-content/themes/twentyseventeen/assets/js/customize-controls.js
  • license.txt
  • wp-admin/css/edit-rtl.css
  • wp-admin/css/customize-nav-menus-rtl.css
  • wp-admin/css/edit-rtl.min.css
  • wp-admin/css/customize-nav-menus-rtl.min.css
  • wp-admin/css/edit.css
  • wp-admin/css/customize-nav-menus.css
  • wp-admin/css/edit.min.css
  • wp-admin/css/customize-nav-menus.min.css
  • wp-admin/widgets.php
  • wp-admin/update-core.php
  • wp-admin/about.php
  • wp-admin/includes/image.php
  • wp-admin/includes/post.php
  • wp-admin/includes/class-wp-screen.php
  • wp-admin/edit-tags.php
  • wp-admin/js/customize-controls.min.js
  • wp-admin/js/updates.js
  • wp-admin/js/customize-nav-menus.min.js
  • wp-admin/js/customize-controls.js
  • wp-admin/js/theme.min.js
  • wp-admin/js/updates.min.js
  • wp-admin/js/customize-nav-menus.js
  • wp-admin/js/theme.js

If you want to view further information about the changes, take a look at the links below.

One of the great things about WordPress is that it’s an actively maintained piece of software with a very talented team of developers.
