WordPress updated to fend off SQL and XSS bugs
WordPress 4.7.2 was released on Thursday, January 26th, 2017. WordPress encourages all users to upgrade immediately.
What does the new WordPress upgrade do? Well, WordPress 4.7.2 upgrades all previous versions of the free and open-source content management system (CMS), which is reportedly used by 60 million websites. Talk about a lot of websites…
Three security issues were addressed with this patch, according to the release notes: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release
WordPress versions 4.7.1 and earlier are affected by three security issues:
1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
All WordPress users who have set up their sites to accept security updates automatically received an email notification of this very important upgrade. Users who did not set up automatic updates are strongly advised to apply the update immediately by heading over to Dashboard/Updates and clicking “Update Now.”