WordPress has recently rolled out a security release: WordPress 4.7.5. WordPress websites built with all previous versions are affected. Some of the security issues include:
- Insufficient redirect validation in the HTTP class
- Improper handling of post meta data values in the XML-RPC API
- Lack of capability checks for post meta data in the XML-RPC API
- A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer
We strongly encourage all users to log into their sites to check if an update is required. Depending on the existing version of WordPress you have, your WordPress may have been automatically updated. If a manual update is needed, remember to perform a full site backup before updating your site. To update, log into the WordPress dashboard. Hit the “Update Now” button located on the top of the browser. For full details of the release, please visit this article from WordPress.org.