WordPress 4.7.5 Security Release – Update Immediately

WordPress has just released a Security and Maintenance Update. The new version is WordPress 4.7.5. It’s important that you confirm that your website has been automatically updated.

Update WordPress to 4.7.5

There were 6 Security Issues that were addressed and 3 maintenance issues resolved with this latest release. Note, your website should have automatically updated to the latest version unless you disabled the auto-update feature.

Here are the 6 Security issues that were resolved:

  1. Insufficient redirect validation in the HTTP class.
  2. Improper handling of post meta data values in the XML-RPC API.
  3. Lack of capability checks for post meta data in the XML-RPC API.
  4. A Cross Site Request Forgery (CRSF)  vulnerability was discovered in the filesystem credentials dialog.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

Most of these issues can be dealt with if you use a Security Plugin like iThemes Security and disable and limit the XML-RPC and other settings. I created a video on how to properly setup iThemes Security, check it out on my YouTube Channel.

Here’s a list of the files that were updated with this latest release.


wp-admin/includes/file.php
wp-admin/js/common.js
wp-admin/js/common.min.js
wp-admin/js/customize-controls.js
wp-admin/js/customize-controls.min.js
wp-admin/js/updates.js
wp-admin/js/updates.min.js
wp-admin/about.php
wp-admin/customize.php
wp-content/plugins/akismet/_inc/img/logo-full-2x.png
wp-content/plugins/akismet/_inc/akismet.css
wp-content/plugins/akismet/_inc/akismet.js
wp-content/plugins/akismet/akismet.php
wp-content/plugins/akismet/class.akismet.php
wp-content/plugins/akismet/readme.txt
wp-includes/js/plupload/handlers.js
wp-includes/js/plupload/handlers.min.js
wp-includes/js/wp-api.js
wp-includes/js/wp-api.min.js
wp-includes/class-http.php
wp-includes/class-wp-customize-manager.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/taxonomy.php
wp-includes/version.php

Log into your website and make sure you’re running the latest version of WordPress and spread the word by sharing this article and video.

Get DevWP - WordPress Development Training Theme

Find Me On