" />

WordPress 4.7.5 released with patch for Six Major Security Issues Including CSRF & XSS

Most expected WordPress 4.7.5 is now available for update. This security update covers six security issues that exist with WordPress version 4.7.4 including CSRF.

Security Issues addressed

  1. Insufficient redirect validation within the communications protocol category. Reported by Ronni Skansing.
  2. Improper handling of post meta information values within the XML-RPC API. Reported by guided missile Thomas.
  3. Lack of capability checks for post meta information within the XML-RPC API. Reported by mountain Bidner of the WordPress Security Team.
  4. A Cross website Request Forgery (CSRF) vulnerability was discovered within the filesystem credentials dialog. Reported by Yorick Koster.
  5. A cross-site scripting (XSS) vulnerability was discovered once trying to transfer terribly massive files. Reported by Ronni Skansing.
  6. A cross-site scripting (XSS) vulnerability was discovered associated with the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Read full news article on GBHackers