FunctionEight would like to encourage you to update to 4.7.5 as soon as possible. If you can remember last January 2017, WordPress released 4.7.2 and they delayed disclosing a vulnerability for a week. That vulnerability was the infamous WordPress defacement vulnerability which resulted in hundreds of thousands of sites being defaced and multiple highly active attack campaigns.

Thanks to the responsible disclosure to the WordPress security team, the following vulnerabilities that affected WordPress versions 4.7.4 and earlier were patched:

  1. Insufficient redirect validation in the HTTP class.
  2. Improper handling of post meta data values in the XML-RPC API.
  3. Lack of capability checks for post meta data in the XML-RPC API.
  4. A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

Security releases are important as they keep your websites safe from outside threats. Please make sure you update you websites immediately.

Additionally, WordPress 4.7.5 also contains a few maintenance fixes on REST API, Taxonomy, Build/Test Tools and Administration.

Reference : https://wordpress.org/news/2017/05/wordpress-4-7-5/

Good thing we have updated our client’s WordPress immediately after the release announcement.

To help you with your website upgrade please contact april.kwong@functioneight.com