WordPress issues version 4.7.3 with six security fixes
Company says users are "strongly encouraged" to updates sites immediately.
Matt McGee on March 6, 2017 at 3:33 pm | Reading time: 1 minute
WordPress has released version 4.7.3 of its uber-popular content management system, and “strongly encourages” users to update right away to take advantage of the six security fixes it includes.
The company says previous versions are impacted by these security issues:
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
This version also includes fixes for almost 40 maintenance issues.
WordPress users with automatic background updates enabled are already getting notified that their sites have been updated. Others can do the update manually by visiting their WordPress dashboard.
Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.
Related stories
About the author
Contributor
Matt McGee joined Third Door Media as a writer/reporter/editor in September 2008. He served as Editor-In-Chief from January 2013 until his departure in July 2017. He can be found on Twitter at @MattMcGee.