Keep WordPress up-to-date to avoid vulnerabilities
A recent extensive attack on WordPress websites that had not been updated to the latest version resulted in the hacking of millions of websites worldwide.
As soon as we became aware of the vulnerability, we notified all customers using the vulnerable versions and urged them to update to the latest version as a matter of urgency.
To avoid such risks, ensure that your content management system, such as WordPress, is always kept up-to-date.
A Security and Maintenance Release
On March 6, 2017, WordPress 4.7.3 was released to the public. This new version can be downloaded here: https://wordpress.org/download/release-archive/
This is a security release for all previous versions, and it is strongly recommended that you update your sites immediately.
Previous versions are affected by six security issues:
- Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
- Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
- Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by xuliang.
- Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc Montpas.
- Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema.