
WordPress 4.7.5 Security Release – Update Immediately

WordPress has just released a Security and Maintenance Update. The new version is WordPress 4.7.5. It’s important that you confirm that your website has been automatically updated.

Update WordPress to 4.7.5

There were 6 Security Issues that were addressed and 3 maintenance issues resolved with this latest release. Note, your website should have automatically updated to the latest version unless you disabled the auto-update feature.

Here are the 6 Security issues that were resolved:

  1. Insufficient redirect validation in the HTTP class.
  2. Improper handling of post meta data values in the XML-RPC API.
  3. Lack of capability checks for post meta data in the XML-RPC API.
  4. A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

Most of these issues can be dealt with if you use a security plugin like iThemes Security and disable and limit XML-RPC and other settings. I created a video on how to properly set up iThemes Security; check it out on my YouTube channel.

Here’s a list of the files that were updated with this latest release.


wp-admin/includes/file.php
wp-admin/js/common.js
wp-admin/js/common.min.js
wp-admin/js/customize-controls.js
wp-admin/js/customize-controls.min.js
wp-admin/js/updates.js
wp-admin/js/updates.min.js
wp-admin/about.php
wp-admin/customize.php
wp-content/plugins/akismet/_inc/img/logo-full-2x.png
wp-content/plugins/akismet/_inc/akismet.css
wp-content/plugins/akismet/_inc/akismet.js
wp-content/plugins/akismet/akismet.php
wp-content/plugins/akismet/class.akismet.php
wp-content/plugins/akismet/readme.txt
wp-includes/js/plupload/handlers.js
wp-includes/js/plupload/handlers.min.js
wp-includes/js/wp-api.js
wp-includes/js/wp-api.min.js
wp-includes/class-http.php
wp-includes/class-wp-customize-manager.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/taxonomy.php
wp-includes/version.php

Log in to your website and make sure you’re running the latest version of WordPress, and spread the word by sharing this article and video.
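For admins with file access, the same check can be made on disk. This is an added example, not part of the original article or of WordPress itself: it reads `$wp_version` from `wp-includes/version.php` (one of the files listed above), compares it with 4.7.5, and looks in `wp-config.php` for the `AUTOMATIC_UPDATER_DISABLED` and `WP_AUTO_UPDATE_CORE` constants that turn automatic updates off. The function names are hypothetical, the sample install is constructed, and `wp-config.php` is assumed to sit in the WordPress root.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 7, 5)  # the release this article tells you to be on

def parse_version(text):
    """Pull $wp_version out of the contents of wp-includes/version.php."""
    m = re.search(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", text, re.M)
    if not m:
        return None
    nums = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])  # "4.8-beta1" -> (4, 8, 0)

def auto_update_disabled(config_text):
    """True if wp-config.php switches off automatic core updates."""
    # Anchored at line start so lines commented out with // or # are ignored.
    pat = r"^\s*define\s*\(\s*['\"]%s['\"]\s*,\s*([^)]+?)\s*\)"
    off = re.search(pat % "AUTOMATIC_UPDATER_DISABLED", config_text, re.M)
    core = re.search(pat % "WP_AUTO_UPDATE_CORE", config_text, re.M)
    return bool((off and off.group(1).lower() == "true")
                or (core and core.group(1).lower() == "false"))

def audit(root):
    """Report version, patch status and updater setting for one install."""
    root = Path(root)
    vfile = root / "wp-includes" / "version.php"
    cfg = root / "wp-config.php"
    version = parse_version(vfile.read_text(errors="replace")) if vfile.is_file() else None
    disabled = cfg.is_file() and auto_update_disabled(cfg.read_text(errors="replace"))
    return {"version": version,
            "patched": version is not None and version >= FIXED,
            "auto_update_disabled": bool(disabled)}

def demo():
    """Audit a constructed (not real) install built in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        site = Path(d)
        (site / "wp-includes").mkdir()
        (site / "wp-includes" / "version.php").write_text(
            "<?php\n$wp_version = '4.7.4';\n")
        (site / "wp-config.php").write_text(
            "<?php\ndefine( 'AUTOMATIC_UPDATER_DISABLED', true );\n")
        return audit(site)

if __name__ == "__main__":
    print(demo())
```

Call `audit("/path/to/site")` on a real install; a result with `patched` false and `auto_update_disabled` true is the case the article warns about, where the site will not reach 4.7.5 without a manual update.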
