A new version of WordPress has been released comprised of 3 security fixes. Users are advised to update to WordPress version 4.7.2 immediately.
WordPress versions 4.7.1 and earlier are affected by three security issues.
- The UI for assigning taxonomy terms is viewable to users who should not have permission to use it.
- WP_Query is vulnerable to an SQL Inject attack.
- Cross-site Scripting vulnerabilities are present in the posts list table.
We advise all WordPress users to update to 4.7.2 immediately to prevent the risk of a site compromise.
Updating WordPress is as simple as navigating to Dashboard → Updates and clicking Update Now or alternatively by downloading directly.
Your website may be up to date if your site supports automatic background updates, so in cases there may be no need to manually update.
As always, our thanks goes to the great community members acting out responsible disclosure, and the amazing WordPress development team for their quick patching.
Don’t delay, upgrade today!
Rate this post