Millions of WordPress websites vulnerable to XSS bug

WordPress released version 4.7.5, a security and maintenance release for the content management system, that fixes six major issues that affected earlier versions.

The security flaws covered in this release, posted on May 16, include insufficient redirect validation in the HTTP class, improper handling of post meta data values in the XML-RPC API, a lack of capability checks for post meta data in the XML-RPC API, a cross-site request forgery (CSRF) vulnerability in the filesystem credentials dialog, a cross-site scripting (XSS) vulnerability when attempting to upload very large files, and a cross-site scripting (XSS) vulnerability related to the Customizer. The Customizer flaw was reported by Weston Ruter of the WordPress Security Team, WordPress said in a security bulletin.

There were also three general maintenance fixes included in the latest version.