The open-source content management system WordPress has releasedÂ urgent security updates for versions 4.7.2 and earlier and â€œstrongly encouragesâ€ users to update right away.
A Look at the WordPress March 2017 Critical Security Update
The new Version 4.7.3 contains system fixes to half a dozen security flows that allowed for:
- Cross-site scripting (XSS) viaÂ media file metadata,
- Control characters tricking redirect URL validation,
- UnintendedÂ files being deleted by administrators using the plugin deletion functionality,
- Cross-site scripting (XSS) viaÂ video URL in YouTube embeds,
- Cross-site scripting (XSS) via taxonomy term names,
- Cross-site request forgery (CSRF) in Press This leading to excessive use of serverÂ resources.
Version 4.7.3 also includes fixes forÂ almost 40 maintenance issues.
If you are currently on version 4.7.2, you should immediately move to the newest version as some of these security issues can allow for, among other things, cross-site scripting and request forgery attacks.
Websites that support automatic update are already receiving the latest WordPress update while those that prefer manual updates should head over to Dashboard Updates and simply click â€œUpdate Now.â€ You can also Download WordPress 4.7.3.
The new update comes sortly after WordPress admins were informed of a separate security crisisÂ in NextGEN Gallery plugin.
WordPress Photo via Shutterstock
More in: WordPress