WordPress 4.7.5 is now available. This is a security update for all previous versions of WordPress, and we strongly recommend that you update your websites as quickly as possible.
WordPress versions 4.7.4 and older are subject to six security issues:
- Inadequate redirect validation in the http class.
- Incorrect handling of mail meta data values in the XML-RPC API.
- Lack of capability controls for post meta data in the XML-RPC API.
- In the file system qualification window, a Cross Site Request Forgery (CSRF) vulnerability has been detected
- A cross-site scripting (XSS) vulnerability has been detected when uploading very large files.
- A cross-site scripting (XSS) vulnerability has been discovered that is related to the WordPress Customizer.
In addition to the above-mentioned security issues, WordPress 4.7.5 also contains a number of maintenance fixes in WordPress 4.7 “Vaughan,” released in early December. For more information, see the list of adjustments.
WordPress 4.7.5 is available for download. You can also go to your WordPress Dashboard and then to Updates> Update Now. WordPress websites where automatic updates are enabled have already started updating to the new WordPress version.
WordPress Website Update Package
If you never want to worry about updates and the security of your WordPress website, purchasing the WordPress Website Update Package is definitely worth it. With this package, the latest WordPress and plugin updates are always installed directly on your website. Any features that no longer work after an update will be restored free of charge.
Because this content update has nothing changed to the features of WordPress CMS, all WordPress manuals still only apply to WordPress 4.7.5. In case any substantive changes are made, we will check the manuals of course and we will apply them as needed.
WordPress 4.7.5 will probably be the latest version for WordPress 4.8, the first beta version of which is now available for download.