WordPress 4.7.3 has just been released. This is a Security release which mean you should update your website immediately. Before updating, you should make sure you backup your entire website, database and files. Then make sure your site is using the latest version of WordPress and that all themes and plugins are updated as well.
This update comes after the release of WordPress Version 4.7.2 which dealt with other security issues that dealt with websites getting defaced and malicious code being inserted.
What’s New in WordPress 4.7.3?
This update addresses Six Security issues along with 39 bug fixes. The WordPress Security Team was notified of the issues from developers analyzing the code. They followed the responsible disclosure process of first informing the WordPress team so patches can be made and an update released.
- Cross-site scripting (XSS) via media file metadata
- Cross-site scripting (XSS) via video URL in YouTube Embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Control characters can trick redirect URL validation.
- Some files could unintentially be deleted when a plugin was deleted.
- Corss-site request forgery (CSRF) in the “Press This” feature which could lead to an increase in server resources being utilized therefore causing performance issues.
You can find more information about this latest release from the WordPress Website Announcement WordPress Update