WordPress 4.7.5 released with patch for Six Major Security Issues Including CSRF & XSS

17 May 2017

Most expected WordPress 4.7.5 is now available for update. This security update covers six security issues that exist with WordPress version 4.7.4 including CSRF.

Security Issues addressed

Insufficient redirect validation within the communications protocol category. Reported by Ronni Skansing.
Improper handling of post meta information values within the XML-RPC API. Reported by guided missile Thomas.
Lack of capability checks for post meta information within the XML-RPC API. Reported by mountain Bidner of the WordPress Security Team.
A Cross website Request Forgery (CSRF) vulnerability was discovered within the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered once trying to transfer terribly massive files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered associated with the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Read full news article on GBHackers

Date:

17 May 2017

Categorie(s):

NEWS

Tag(s):

Content-management Framework, CSRF, Issues, Open Source, Open Source Software, Security Updates, Wordpress, XSS

How APIs Help To Improve Your Customers’ Experience [5 Tips]20 April 2024
Essential Cyber Security Plan for Small Business20 April 2024
Are PayPal’s Executives Looking Towards Re-Inventing the Product’s Identity?20 April 2024
Why A One-Size-Fits-All Approach No Longer Works For Modern Banking Clients20 April 2024
What Is Zero Trust Architecture All About?20 April 2024