WordPress Security and Maintenance Release – 4.7.2

WordPress Security and Maintenance Release 4.7.2 is now available on WordPress.org. This release patches several vulnerabilities found in WordPress core. This update is relevant to all older WordPress versions. As always, we recommend that you do not ignore WordPress Security and Maintenance updates and that you update your sites as soon as possible.

WordPress Security release 4.7.2 key points

  • The Press This user interface for assigning taxonomy terms is shown to users who do not have permission to use it. This vulnerability was found and reported by David Herrera of Alley Interactive.
  • WP_Query is vulnerable to SQL injection (SQLi) when unsafe data is passed to it. WordPress core is not vulnerable on its own; it was patched to prevent WordPress plugins and themes from accidentally triggering the vulnerability. This issue was found and reported by Mo Jangda (batmoo).
  • The post list table is vulnerable to cross-site scripting (XSS). This vulnerability was found and reported by Ian Dunn (WordPress Security Team).
  • An unauthenticated privilege escalation vulnerability in a REST API endpoint. This issue was discovered and reported by Marc-Alexandre Montpas (Sucuri).

WordPress Security and Maintenance Release 4.7.2 drew a lot of attention because disclosure of the update details was delayed. Once the update details were released, many websites running outdated WordPress versions came under various attacks, and some of those attacks were successful.

Darius S.
