Software

Release: WordPress 4.7.2

The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.
The WordPress Logo

Last week WordPress released the second security update for version 4.7. There were 3 security issues fixed:

  • Interface for assigning taxonomy terms in Press This was shown to users who did not have permission
  • An SQL injection vulnerability was patched in the WP_Query class to prevent poorly coded plugins and themes from falling victim (involving post types)
  • Fixed a cross-site scripting (XSS) vulnerability in the post listing table (excerpts were not being escaped)

It is strongly encouraged that, if you are not using an automated update system, you manually update/upgrade your version of WordPress to this latest to prevent exploitation.

WordPress 4.7.2 Security Release

 

1 Comment

Leave a Comment