Back
WordPress Security and Maintenance release

WordPress Security and Maintenance Release – 4.7.5

WordPress Security and Maintenance Release 4.7.5 available to download from May 16, 2017. We urge you to update your WordPress sites immediately and don’t forget to make a full site backup before updating. All previous versions of WordPress are affected by vulnerabilities patched by this update. You can update your sites automatically right from your WordPress admin dashboard from the section “Updates” (Dashboard → Updates → Update Now). Also, you can simply rewrite the WordPress files by FTP, but it’s way safer to do it from the WordPress dashboard.

WordPress Security and Maintenance Release fixed security issues

  • Insufficient redirect validation in the HTTP class. Discovered and reported by Ronni Skansing.
  • Incorect handling of post meta data values in the XML-RPC service API. Discovered and reported by Sam Thomas.
  • Lack of capability checks for post meta data in the XML-RPC service API. Discovered and reported by Ben Bidner (WordPress Security Team).
  • A Cross Site Request Forgery (CRSF) vulnerability in the file system credentials dialog. Discovered and reported by Yorick Koster.
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Discovered and reported by Ronni Skansing.
  • A cross-site scripting (XSS) vulnerability was discovered related to the WordPress Customizer. Discovered and reported by Weston Ruter (WordPress Security Team).

WordPress version 4.7.5 fixes not related to the security

  • Administration – fixed Shift-click function to select a range of checkboxes (wasn’t working since version 4.7.3 update).
  • Build/Test Tools – latest Akismet version included.
  • REST API – REST API JS Client connecting to multiple endpoints at the same time.
  • Taxonomy – fixed issue when get_the_terms() doesn’t respect register_taxonomy()’s ‘orderby’ => ‘term_order’.

Updated files

  • wp-admin/includes/file.php
  • wp-admin/js/common.js
  • wp-admin/js/common.min.js
  • wp-admin/js/customize-controls.js
  • wp-admin/js/customize-controls.min.js
  • wp-admin/js/updates.js
  • wp-admin/js/updates.min.js
  • wp-admin/about.php
  • wp-admin/customize.php
  • wp-content/plugins/akismet/_inc/img/logo-full-2x.png
  • wp-content/plugins/akismet/_inc/akismet.css
  • wp-content/plugins/akismet/_inc/akismet.js
  • wp-content/plugins/akismet/akismet.php
  • wp-content/plugins/akismet/class.akismet.php
  • wp-content/plugins/akismet/readme.txt
  • wp-includes/js/plupload/handlers.js
  • wp-includes/js/plupload/handlers.min.js
  • wp-includes/js/wp-api.js
  • wp-includes/js/wp-api.min.js
  • wp-includes/class-http.php
  • wp-includes/class-wp-customize-manager.php
  • wp-includes/class-wp-xmlrpc-server.php
  • wp-includes/taxonomy.php
  • wp-includes/version.php
Darius S.

Similar Posts

ThreatPress API keys

Free WordPress Vulnerability Database API

Recently, we received a few queries related to our services, specifically for WordPress Vulnerability Database. So to make it clear we ...

CIA triad - information security

CIA triad in the WordPress and WooCommerce security perspective

CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered to be the basis for all ...

PCI compliance WooCommerce

What is PCI compliance and do you need it for your WooCommerce store

PCI compliance or more precisely PCI DSS (Payment Card Industry Data Security Standard) developed by the Payment Card Industry Security ...

Leave a Reply

Your email address will not be published. Required fields are marked *