Yesterday, Automatic released an all new version of WordPress i.e. WordPress 4.7.5. WordPress 4.7.5 is the security and maintenance release that fixes six security issues. WordPress 4.7.4 and the earlier versions are affected by these six security issues.
Please Note: If you have disabled background updates then you should do update your site to the latest version manually right now.
These are security issues which are fixed by WordPress 4.7.5 release.
- Insufficient redirection validation in the HTTP class.
- Lack of compatibility checks for post meta data in the XML – RPC API.
- Improper of handling of post data values in the XML – RPC API.
- A cross-site request forgery (CRSF) vulnerability was discovered in the file system credentials dialog.
- A cross – site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
- A cross – site scripting vulnerability was discovered related to the customizer.
In addition to the above security fixes, the WordPress 4.7.5 has also fixed three bugs maintenance fixes to the 4.7 WordPress series.
To see the release note click here or consult the list of changes click here.
Go to your WordPress site dashboard to your site or download the new version of WordPress from here. Sites that support the automatic background updates are already beginning to upgrade to WordPress 4.7.5.