WordPress 4.7.5: Security and Maintenance Release


WordPress has recently rolled out a security release: WordPress 4.7.5. WordPress websites built with all previous versions are affected. Some of the security issues include:

  • Insufficient redirect validation in the HTTP class
  • Improper handling of post meta data values in the XML-RPC API
  • Lack of capability checks for post meta data in the XML-RPC API
  • A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer

We strongly encourage all users to log into their sites to check if an update is required. Depending on the existing version of WordPress you have, your WordPress may have been automatically updated. If a manual update is needed, remember to perform a full site backup before updating your site. To update, log into the WordPress dashboard. Hit the “Update Now” button located on the top of the browser. For full details of the release, please visit this article from

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.



Related Articles & Comments

Leave a Comment

Your email address will not be published. Required fields are marked *

Popular tags

custom-background custom-colors custom-header custom-menu featured-images free responsive theme free WordPress plugin free WordPress theme full-width-template one-column responsive-layout responsive theme right sidebar sticky-post theme-options threaded-comments translation-ready two columns WordPress plugin WordPress theme