A security release was issued by WordPress. We suggest you have this update applied to your WordPress website immediately.
WordPress 4.7.3 Security and Maintenance Release (wordpress.org)
WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.2 and earlier are affected by six security issues:
- Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
- Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
- Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by xuliang.
- Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Daniel Cid.
- Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema.
Thank you to the reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series.
The previous version of WordPress was 4.7.2 on January 26, 2017.
Our Website Maintenance Department will be in contact with you regarding these upgrades. Clients that have signed up for our Automatic WordPress Update Program or Website Care program will get their website updated in the next week or so or if a follow-up version of WordPress is released.
View the complete list of WordPress versions here.
Read more about why WordPress updates are important.
If you haven’t heard about our Website Care program, then you’re missing out on savings and peace of mind!
There are different levels to choose from but with each level, you get your installation of WordPress checked weekly for updates to the core software, plugins and themes. The benefit is that your website software is kept up to date. This work is done by hand and we test your website after the upgrade to make sure everything works like it should.
The program is either by monthly subscription or you can save 10% and pay for a year in advance. When you use this program you save about 40% on updating WordPress. It’s kind of a no-brainer!
Sleep better knowing that your website is being taken care of when you enroll in our Website Care program today!
-Webstix Support
