WordPress has just released a Security and Maintenance Update. The new version is WordPress 4.7.5. It’s important that you confirm that your website has been automatically updated.
Update WordPress to 4.7.5
This latest release addressed 6 security issues and resolved 3 maintenance issues. Note that your website should have automatically updated to the latest version unless you disabled the auto-update feature.
Here are the 6 Security issues that were resolved:
- Insufficient redirect validation in the HTTP class.
- Improper handling of post meta data values in the XML-RPC API.
- Lack of capability checks for post meta data in the XML-RPC API.
- A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
Most of these issues can be dealt with if you use a Security Plugin like iThemes Security and disable and limit the XML-RPC and other settings. I created a video on how to properly set up iThemes Security; check it out on my YouTube Channel.
Here’s a list of the files that were updated with this latest release.
- wp-admin/includes/file.php
- wp-admin/js/common.js
- wp-admin/js/common.min.js
- wp-admin/js/customize-controls.js
- wp-admin/js/customize-controls.min.js
- wp-admin/js/updates.js
- wp-admin/js/updates.min.js
- wp-admin/about.php
- wp-admin/customize.php
- wp-content/plugins/akismet/_inc/img/logo-full-2x.png
- wp-content/plugins/akismet/_inc/akismet.css
- wp-content/plugins/akismet/_inc/akismet.js
- wp-content/plugins/akismet/akismet.php
- wp-content/plugins/akismet/class.akismet.php
- wp-content/plugins/akismet/readme.txt
- wp-includes/js/plupload/handlers.js
- wp-includes/js/plupload/handlers.min.js
- wp-includes/js/wp-api.js
- wp-includes/js/wp-api.min.js
- wp-includes/class-http.php
- wp-includes/class-wp-customize-manager.php
- wp-includes/class-wp-xmlrpc-server.php
- wp-includes/taxonomy.php
- wp-includes/version.php
Log in to your website and make sure you’re running the latest version of WordPress, and spread the word by sharing this article and video.
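Where you have shell access to the server, the same check can be scripted. The following is an added example, not code from the original post or from WordPress: it reads `$wp_version` from `wp-includes/version.php`, compares it with 4.7.5, and looks in `wp-config.php` for the `AUTOMATIC_UPDATER_DISABLED` and `WP_AUTO_UPDATE_CORE` constants. The function names and the path argument are assumptions made for the example.

```bash
# Added example: check a WordPress tree against the 4.7.5 release.
# Assumes shell access to the document root and the stock core layout.
REQUIRED="4.7.5"

# Print the version string recorded in wp-includes/version.php (empty if unreadable).
wp_core_version() {
    sed -n "s/^[[:space:]]*\\\$wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing each component numerically.
version_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-RC1"
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Report whether wp-config.php switches core auto-updates off.
# Only these two constants are checked; filters set by plugins are not seen.
wp_auto_update_state() {
    cfg="$1/wp-config.php"; s='[[:space:]]*'; q="['\"]"
    [ -f "$cfg" ] || { echo unknown; return 0; }
    if grep -Eiq -e "^${s}define\\(${s}${q}AUTOMATIC_UPDATER_DISABLED${q}${s},${s}true" \
                 -e "^${s}define\\(${s}${q}WP_AUTO_UPDATE_CORE${q}${s},${s}false" "$cfg"
    then echo disabled; else echo default; fi
}

# Exit status: 0 patched, 1 older than REQUIRED, 2 version file unreadable.
check_wp_site() {
    ver=$(wp_core_version "$1")
    [ -n "$ver" ] || { echo "$1: cannot read wp-includes/version.php"; return 2; }
    if version_ge "$ver" "$REQUIRED"; then
        echo "$1: WordPress $ver (>= $REQUIRED)"
    else
        echo "$1: WordPress $ver is older than $REQUIRED; auto-updates: $(wp_auto_update_state "$1")"
        return 1
    fi
}

if [ "$#" -gt 0 ]; then check_wp_site "$1"; fi
```

Run it with the WordPress root as the only argument; a non-zero exit status makes it usable from cron or a monitoring check across several sites.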