WordPress, as it is an open source tool used for creating website and written in PHP, is a monster-sized framework used by numerous companies around the world. Along with being a framework, it is also a powerful and easiest CMS in the recent technological era. But it’s always difficult to create WordPress’s core code without high-severity security vulnerability.
Within a week of releasing ver 4.7.1, WordPress found out an unauthenticated privilege escalation vulnerability in REST API, but as it was yet undisclosed, WordPress team started working to solve this vulnerability. And in the next week released the new security version 4.7.2, whose major role was to fix the high severity vulnerability existing by ver 4.7.1 and earlier.
And then, to fix the security issues found in 4.7.2, here comes the launch of 4.7.3. This version is said to be released for security and maintenance. We recommend all the WordPress Development Companies to update the security version to the latest one. This newest version fixes the following security issues which were found in earlier versions.
- Cross-Site Scripting(XSS) via media files metadata
This update is very crucial as the hackers will be using this script to extract all the password vulnerabilities.
- Control characters can trick redirect URL validation
This update will not allow the hackers to use common internet protocol taxonomies which may be generally used to interfere with the security rules of website.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
This is important from the admin’s point of view.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
This update will prevent hackers from virus attacks on the site.
- Cross-site scripting (XSS) via taxonomy term names.
This update will not allow the hackers to use common internet protocol taxonomies which may be generally used to interfere with the security rules of website.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
This will lead to excessive use of server resources.
In addition to these, 4.7.3 also contains 39 maintenance fixes from 4.7 release series.
WordPress says This is a security release for all the previous versions and we strongly encourage you to update your sites immediately
Image Source: myfapa
According to WordPress, The version mentioned has the solution for following major issues:
- In the version 4.7.2, an unauthenticated privilege escalation vulnerability was introduced in a REST API endpoint.
According to a report by Wordfence CEO, Mark Maunder, “During the past 24 hours we have seen an average growth in defaced pages per campaign of 44%”.
Main intention behind releasing this version was to fix the vulnerability before it becomes the cause of hacking of the website and attackers start target it. As we know, WordPress is a no more a small platform, it enables automatic updating of minor versions by default. Hence, the WordPress sites which do not need any permissions and have enabled Auto Update might have automatically updated this newest WordPress Security Version 4.7.3.
If your website gets updated automatically, make sure once if the website is working perfectly or not. It’s better to prevent disaster, although the WordPress security versions are perfectly tested, you must check it once after a series of automatic updation.
Hope you got to know major things about newest WordPress version 4.7.3. It is highly recommended to update your WordPress if you did not get it updated automatically. Also, check once after updating!
