Patch/Configuration Management, Vulnerability Management

WordPress releases version 4.7.5 fixing 6 security issues

WordPress released version 4.7.5, a security and maintenance release for the content management system that fixes six major issues affecting earlier versions.

The security flaws covered in this release, posted on May 16, include insufficient redirect validation in the HTTP class, improper handling of post meta data values in the XML-RPC API, a lack of capability checks for post meta data in the XML-RPC API, a Cross Site Request Forgery (CSRF) vulnerability in the filesystem credentials dialog, a cross-site scripting (XSS) vulnerability triggered when attempting to upload very large files, and a cross-site scripting (XSS) vulnerability related to the Customizer, reported by Weston Ruter of the WordPress Security Team, WordPress said in a security bulletin.

There were also three general maintenance fixes included in the latest version.
