WordPress 4.7.2 Security Release and Vulnerabilities | AWESEM

We know, we know, you’re probably sick of hearing us remind you to keep your WordPress site updated but we only reinforce the point because it’s so important. Whether you or a technical guru in your organisation is in charge of keeping your site updated, now’s the time to update to WordPress 4.7.2 if you haven’t already.

This latest version was released at the end of last month in response to four vulnerabilities that were spotted in WordPress 4.7.1 and reported by members of the WordPress community. A list of the security issues was shared on WordPress.org and they include:

  • An issue where the user interface for assigning taxonomy terms in Press This was shown to users without the relevant permissions
  • An issue where WP_Query was vulnerable to a SQL injection when transferring unsafe data. WordPress stressed that the WordPress core was not itself vulnerable to the issue but they added hardening to prevent any plugins or themes accidentally causing an issue
  • An issue where a cross-site scripting vulnerability was discovered in the post lists table
  • Finally, there was an unauthenticated privilege escalation vulnerability discovered in the REST API endpoint

WordPress also took the opportunity to thank the community members who spotted and reported the vulnerabilities, and went on to highlight the importance of responsible disclosure. If you spot any bugs, security risks or vulnerabilities in the latest version of WordPress there’s a simple procedure in place so you can create a ticket and bring any issues to the attention of the WordPress core development team.

No comments yet.

Leave a comment

Comment form

All fields marked (*) are required

Telephone

+44 (0) 20 7193 1411

Address

Portland House
Bressenden Place
London, SW1E 5RS, UK

Project Enquiry

Want to talk to us about a project?
Contact us here