WordPress Announcements News and Info
WordPress Announcements News and Info

HostForLIFE.eu Launches WordPress 4.7.3 Hosting

HostForLIFE.eu WordPress 4.7.3 Hosting plan starts from just as low as €3.49/month only. WordPress is a flexible platform which helps to create your new websites with the CMS (content management system). WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.7.3 includes a comprehensive fix for this issue.

The open-source WordPress blogging and content management system (CMS) released a new incremental version on March 6, providing users with six new security patches and 39 bug fixes. The new WordPress 4.7.3 update is the third security update for WordPress so far in 2017, following the 4.7.2 update on Jan. 26 and the 4.7.1 update on Jan. 12.

HostForLIFE.eu is a popular online WordPress hosting service provider catering to those people who face such issues. The company has managed to build a strong client base in a very short period of time. It is known for offering ultra-fast, fully-managed and secured services in the competitive market.

TWordPress 4.7.3 is now available. Among the patched issues is a flaw that could have enabled control characters to trick redirect validation. There is also a patch for a vulnerability that could have potentially enabled an administrator to delete unintended files. Additionally, WordPress 4.7.3 provides a patch for a Cross Site Request Forgery (CSRF) issue in the Press This quick publishing capability.

The single biggest area of patched vulnerabilities is with Cross Site Scripting (XSS) flaws, accounting for three of the six patched issues in WordPress 4.7.3. One of the XSS vulnerabilities is via media file metadata while another is in taxonomy term names. A third XSS was found in URLs for YouTube video embeds, that was discovered by Marc-Alexandre Montpas, vulnerability researcher at Sucuri.

Montpas explained that the XSS in YouTube video embeds was discovered while Sucuri was researching how a vulnerability patched in the WordPress 4.7.2 update, identified as an unauthenticated content injection in the REST API, could be exploited. That vulnerability was very impactful and enabled attackers to modify the content of pages and posts within unpatched WordPress sites. The issue was so severe, that WordPress did not immediately disclose the vulnerability when WordPress 4.7.2 was first released, in an effort to provide more time for users to update sites.

WordPress provides an automated update mechanism in a bid to help keep sites patched. WordPress first integrated the automatic update approach back in the WordPress 3.7 release that debuted in October 2013. As such, those organizations that have left the default settings in place for automatic WordPress updates will by now already have the new WordPress 4.7.3 update.

Further information and the full range of features WordPress 4.7.3 Hosting can be viewed here: http://hostforlife.eu/European-WordPress-Hosting

Leave a comment

Your email address will not be published. Required fields are marked *