WordPress Version 4.7.5 Released

. May 19, 2017 . 0 Comments

WordPress 4.7.5 has been released, with 3 maintenance fixes and security fixes.

Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

More information: https://codex.wordpress.org/Version_4.7.5

Category: WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *