WordPress Security and Maintenance Release 4.7.3 is now available on the WordPress.org site. This release patches several vulnerabilities found in WordPress core. This update is relevant to all older WordPress versions. As always, we recommend that you do not ignore WordPress Security and Maintenance updates and that you update your sites as soon as possible.
WordPress Security release 4.7.3 key points
- Cross-site scripting (XSS) via media file metadata found and reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
- Vulnerability by which control characters can trick redirect URL validation found and reported by Daniel Chatfield.
- Unintended files can be deleted by administrators using the plugin deletion functionality. Found and reported by TrigInc and xuliang.
- Cross-site scripting (XSS) vulnerability via video URL in YouTube embeds found and reported by Marc Montpas.
- Cross-site scripting (XSS) vulnerability via taxonomy term names found and reported by Delta.
- Cross-site request forgery (CSRF) in the Press This function leading to excessive use of server resources. Found and reported by Sipke Mellema.
Moreover, WordPress Security Release 4.7.3 contains thirty-nine fixes for the WordPress 4.7 series. For more information, you can check the complete list of changes. Information about the fixed vulnerabilities is potentially dangerous to websites running outdated WordPress versions. Please update now.