WordPress ‘strongly encourages’ users to upgrade to version 4.7.2

Latest security release fixes three recently-reported bugs.

Chat with MarTechBot

wordpress-website1-ss-1920

WordPress has pushed out the latest version of its popular content management platform, a security release that comes just 15 days after the most recent update.

The new version is 4.7.2, and WordPress’s announcement tell users it’s an important one: “This is a security release for all previous versions and we strongly encourage you to update your sites immediately.”

This update fixes three security issues:

  1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

Existing WordPress users can download 4.7.2 via their dashboards or via WordPress.org. Users that have background updates turned on will get the latest version automatically.


Contributing authors are invited to create content for MarTech and are chosen for their expertise and contribution to the martech community. Our contributors work under the oversight of the editorial staff and contributions are checked for quality and relevance to our readers. The opinions they express are their own.


About the author

Matt McGee
Contributor
Matt McGee joined Third Door Media as a writer/reporter/editor in September 2008. He served as Editor-In-Chief from January 2013 until his departure in July 2017. He can be found on Twitter at @MattMcGee.

Fuel up with free marketing insights.