Back
WordPress Security and Maintenance release

WordPress Security and Maintenance Release – 4.7.2

WordPress Security and Maintenance Release 4.7.2 is now available on WordPress.org site. This release patches several vulnerabilities found in WordPress core. This update is relevant to all older WordPress versions. As always, we recommend not to ignore WordPress Security and Maintenance updates and update your sites as soon as possible.

WordPress Security release 4.7.2 key points

  • Press This function user interface for assigning taxonomy terms is shown to users who do not have permissions to use it. This vulnerability found and reported by David Herrera of Alley Interactive.
  • WP_Query suffers from SQL injection (SQLi) vulnerability when passing unsafe data. In this case, WordPress core is not vulnerable on its own. It was patched just to prevent WordPress plugins and themes from accidental vulnerability triggering. This issue was found and reported by Mo Jangda (batmoo).
  • Post list table vulnerable to a cross-site scripting (XSS) and the vulnerability found and reported by Ian Dunn (WordPress Security Team).
  • An unauthenticated privilege escalation vulnerability in a REST API endpoint. Issue discovered and reported by Marc-Alexandre Montpas (Sucuri).

WordPress Security and Maintenance Release 4.7.2 caused a great resonance because of delayed update information disclosure. Upon the release of update details, many websites with outdated WordPress versions have experienced various attacks, and some of them were successful.

Darius S.

Similar Posts

Social Warfare plugin vulnerabilities exploited

Social Warfare plugin under attack due to critical security vulnerabilities

Social Warfare plugin has more than 60,000 active installs, and now it suffers from the wave of attacks ignited by recently discovered two ...

Easy WP SMTP plugin vulnerability

Easy WP SMTP plugin vulnerability threatens 300k WordPress websites

Easy WP SMTP plugin gets a lot of attention these days due to zero-day (0-day) vulnerability disclosed recently. Why it gets so much ...

Coinhive closing

Coinhive closes – hackers will lose their favorite tool of exploitation

Coinhive development team published a blog post about the discontinuation of Coinhive system. Yes, the same Coinhive that we talked about ...

Leave a Reply

Your email address will not be published. Required fields are marked *