Back
WordPress Security and Maintenance release

WordPress Security and Maintenance Release – 4.7.2

WordPress Security and Maintenance Release 4.7.2 is now available on WordPress.org site. This release patches several vulnerabilities found in WordPress core. This update is relevant to all older WordPress versions. As always, we recommend not to ignore WordPress Security and Maintenance updates and update your sites as soon as possible.

WordPress Security release 4.7.2 key points

  • Press This function user interface for assigning taxonomy terms is shown to users who do not have permissions to use it. This vulnerability found and reported by David Herrera of Alley Interactive.
  • WP_Query suffers from SQL injection (SQLi) vulnerability when passing unsafe data. In this case, WordPress core is not vulnerable on its own. It was patched just to prevent WordPress plugins and themes from accidental vulnerability triggering. This issue was found and reported by Mo Jangda (batmoo).
  • Post list table vulnerable to a cross-site scripting (XSS) and the vulnerability found and reported by Ian Dunn (WordPress Security Team).
  • An unauthenticated privilege escalation vulnerability in a REST API endpoint. Issue discovered and reported by Marc-Alexandre Montpas (Sucuri).

WordPress Security and Maintenance Release 4.7.2 caused a great resonance because of delayed update information disclosure. Upon the release of update details, many websites with outdated WordPress versions have experienced various attacks, and some of them were successful.

Darius S.

Similar Posts

Coinhive closing

Coinhive closes – hackers will lose their favorite tool of exploitation

Coinhive development team published a blog post about the discontinuation of Coinhive system. Yes, the same Coinhive that we talked about ...

Cyber Kill Chain - WordPress security perspective

Cyber Kill Chain and how to protect WordPress against all its steps

Cyber Kill Chain is a term defined by the Lockheed-Martin Corporation scientists to describe the chain of steps needed for intrusion into ...

CIA triad - information security

CIA triad in the WordPress and WooCommerce security perspective

CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered to be the basis for all ...

Leave a Reply

Your email address will not be published. Required fields are marked *