WordPress Security and Maintenance Release – 4.7.5

WordPress Security and Maintenance Release 4.7.5 has been available for download since May 16, 2017. We urge you to update your WordPress sites immediately, and don’t forget to make a full site backup before updating. All previous versions of WordPress are affected by the vulnerabilities patched in this update. You can update your sites automatically from the “Updates” section of your WordPress admin dashboard (Dashboard → Updates → Update Now). You can also overwrite the WordPress files over FTP, but it’s much safer to update from the WordPress dashboard.

Security issues fixed in this WordPress Security and Maintenance Release

  • Insufficient redirect validation in the HTTP class. Discovered and reported by Ronni Skansing.
  • Incorrect handling of post meta data values in the XML-RPC service API. Discovered and reported by Sam Thomas.
  • Lack of capability checks for post meta data in the XML-RPC service API. Discovered and reported by Ben Bidner (WordPress Security Team).
  • A Cross-Site Request Forgery (CSRF) vulnerability in the file system credentials dialog. Discovered and reported by Yorick Koster.
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Discovered and reported by Ronni Skansing.
  • A cross-site scripting (XSS) vulnerability was discovered related to the WordPress Customizer. Discovered and reported by Weston Ruter (WordPress Security Team).

WordPress version 4.7.5 fixes not related to security

  • Administration – fixed the Shift-click function for selecting a range of checkboxes (it had not worked since the version 4.7.3 update).
  • Build/Test Tools – latest Akismet version included.
  • REST API – REST API JS Client connecting to multiple endpoints at the same time.
  • Taxonomy – fixed an issue where get_the_terms() didn’t respect register_taxonomy()’s 'orderby' => 'term_order'.

Updated files

  • wp-admin/includes/file.php
  • wp-admin/js/common.js
  • wp-admin/js/common.min.js
  • wp-admin/js/customize-controls.js
  • wp-admin/js/customize-controls.min.js
  • wp-admin/js/updates.js
  • wp-admin/js/updates.min.js
  • wp-admin/about.php
  • wp-admin/customize.php
  • wp-content/plugins/akismet/_inc/img/logo-full-2x.png
  • wp-content/plugins/akismet/_inc/akismet.css
  • wp-content/plugins/akismet/_inc/akismet.js
  • wp-content/plugins/akismet/akismet.php
  • wp-content/plugins/akismet/class.akismet.php
  • wp-content/plugins/akismet/readme.txt
  • wp-includes/js/plupload/handlers.js
  • wp-includes/js/plupload/handlers.min.js
  • wp-includes/js/wp-api.js
  • wp-includes/js/wp-api.min.js
  • wp-includes/class-http.php
  • wp-includes/class-wp-customize-manager.php
  • wp-includes/class-wp-xmlrpc-server.php
  • wp-includes/taxonomy.php
  • wp-includes/version.php
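
As an added example (not part of the original post and not WordPress code), this Python script reads $wp_version from wp-includes/version.php, one of the updated files listed above, and flags installs that are still below 4.7.5. It follows this page's statement that all previous versions are affected; the docroot paths given on the command line and the sample file content are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 7, 5)  # the release this page announces
# Constructed sample of a wp-includes/version.php file (not copied from a real site).
SAMPLE_VERSION_PHP = """<?php
/** @global string $wp_version */
$wp_version = '4.7.4';
"""
# Match the assignment only, not the mention of $wp_version in the docblock.
_ASSIGN = re.compile(r"""^[ \t]*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_wp_version(php_source):
    """Return the version string assigned to $wp_version, or None."""
    m = _ASSIGN.search(php_source)
    return m.group(1) if m else None

def needs_update(version):
    """True if version is older than FIXED; pre-releases of FIXED count as older."""
    m = re.match(r"(\d+(?:\.\d+){0,2})(.*)$", version.strip())
    if not m:
        return True  # unparseable string: treat as needing attention
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # "4.7" compares as 4.7.0
    if tuple(nums) == FIXED:
        return bool(m.group(2))  # e.g. "4.7.5-RC1" is not the final release
    return tuple(nums) < FIXED

def audit(docroots):
    """Map each docroot to (status, version); status is ok, outdated or unknown."""
    report = {}
    for root in docroots:
        path = Path(root) / "wp-includes" / "version.php"
        try:
            version = parse_wp_version(path.read_text(encoding="utf-8", errors="replace"))
        except OSError:
            version = None  # file missing or unreadable
        status = "unknown" if version is None else ("outdated" if needs_update(version) else "ok")
        report[str(root)] = (status, version)
    return report

if __name__ == "__main__":
    # With no arguments, run on the constructed sample instead of real docroots.
    if len(sys.argv) == 1:
        v = parse_wp_version(SAMPLE_VERSION_PHP)
        print(v, "outdated" if needs_update(v) else "ok")
    for root, (status, version) in audit(sys.argv[1:]).items():
        print(f"{status:8} {version or '-':12} {root}")
```

A status of unknown means version.php was missing, unreadable, or did not contain the assignment, so that install should be checked by hand.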
Darius S.
