WordPress Security and Maintenance release

WordPress Security and Maintenance Release – 4.7.2

WordPress Security and Maintenance Release 4.7.2 is now available on site. This release patches several vulnerabilities found in WordPress core. This update is relevant to all older WordPress versions. As always, we recommend not to ignore WordPress Security and Maintenance updates and update your sites as soon as possible.

WordPress Security release 4.7.2 key points

  • Press This function user interface for assigning taxonomy terms is shown to users who do not have permissions to use it. This vulnerability found and reported by David Herrera of Alley Interactive.
  • WP_Query suffers from SQL injection (SQLi) vulnerability when passing unsafe data. In this case, WordPress core is not vulnerable on its own. It was patched just to prevent WordPress plugins and themes from accidental vulnerability triggering. This issue was found and reported by Mo Jangda (batmoo).
  • Post list table vulnerable to a cross-site scripting (XSS) and the vulnerability found and reported by Ian Dunn (WordPress Security Team).
  • An unauthenticated privilege escalation vulnerability in a REST API endpoint. Issue discovered and reported by Marc-Alexandre Montpas (Sucuri).

WordPress Security and Maintenance Release 4.7.2 caused a great resonance because of delayed update information disclosure. Upon the release of update details, many websites with outdated WordPress versions have experienced various attacks, and some of them were successful.

Darius S.

Similar Posts

ThreatPress API keys

Free WordPress Vulnerability Database API

Recently, we received a few queries related to our services, specifically for WordPress Vulnerability Database. So to make it clear we ...

CIA triad - information security

CIA triad in the WordPress and WooCommerce security perspective

CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered to be the basis for all ...

PCI compliance WooCommerce

What is PCI compliance and do you need it for your WooCommerce store

PCI compliance or more precisely PCI DSS (Payment Card Industry Data Security Standard) developed by the Payment Card Industry Security ...

Leave a Reply

Your email address will not be published. Required fields are marked *