{"id":1082,"date":"2017-06-22T01:21:44","date_gmt":"2017-06-22T06:21:44","guid":{"rendered":"https:\/\/hostease.com\/blog\/?p=1082"},"modified":"2024-11-24T22:20:11","modified_gmt":"2024-11-25T03:20:11","slug":"wordpress-4-7-5-security-and-maintenance-release","status":"publish","type":"post","link":"https:\/\/www.hostease.com\/blog\/website\/wordpress-4-7-5-security-and-maintenance-release\/","title":{"rendered":"WordPress 4.7.5 Security and Maintenance Release"},"content":{"rendered":"

WordPress 4.7.5 is now available. This is a security release<\/strong> for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n

WordPress versions 4.7.4 and earlier are affected by six security issues:<\/p>\n

    \n
  1. Insufficient redirect validation in the HTTP class. Reported by\u00a0Ronni Skansing<\/a>.<\/li>\n
  2. Improper handling of post meta data values in the XML-RPC API. Reported by\u00a0Sam Thomas<\/a>.<\/li>\n
  3. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner<\/a>\u00a0of the WordPress Security Team.<\/li>\n
  4. A Cross Site Request Forgery (CSRF) \u00a0vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster<\/a>.<\/li>\n
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.\u00a0Reported by\u00a0Ronni Skansing<\/a>.<\/li>\n
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter<\/a> of the WordPress Security Team.<\/li>\n<\/ol>\n

    Thank you to the reporters of these issues for practicing\u00a0responsible disclosure<\/a>.<\/p>\n

    In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the\u00a04.7 release series.\u00a0For more information, see the release notes<\/a>\u00a0or consult the list of changes<\/a>.<\/p>\n

    Download WordPress 4.7.5<\/a>\u00a0or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.<\/p>\n

    Thanks to everyone who contributed to 4.7.5.<\/p>\n","protected":false},"excerpt":{"rendered":"

    WordPress 4.7.5 is a critical security release addressing six vulnerabilities and three maintenance fixes. Learn why immediate updates are crucial and how to upgrade your site on the HostEase Blog.<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44],"tags":[450,458,457],"class_list":["post-1082","post","type-post","status-publish","format-standard","hentry","category-website","tag-maintenance-release","tag-website-security","tag-wordpress-updates"],"aioseo_notices":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts\/1082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/comments?post=1082"}],"version-history":[{"count":1,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts\/1082\/revisions"}],"predecessor-version":[{"id":2085,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts\/1082\/revisions\/2085"}],"wp:attachment":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/media?parent=1082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/categories?post=1082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/tags?post=1082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}