WordPress issued an out of band security and maintenance release today with version 4.9.7 being pushed live patching18 bugs in the content management system.
The top issues fixed by this release eliminate a flaw that could potentially allow an unauthorized person with certain capabilities to attempt to delete files outside the uploads directory and to ensure the default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context, WordPress said in its security release.
WordPress strongly recommends all users update their sites immediately.
Other issues fixed with the release were:
- Taxonomy: Improve cache handling for term queries.
- Posts, Post Types: Clear post password cookie when logging out.
- Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
- Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
