1. SEJ
  2.  ⋅ 
  3. News

WordPress 4.7.1 Security Release Available, Immediate Update Recommended

A security release for all previous versions WordPress is now available, which the company strongly recommends all users upgrade to immediately.

The previous version of WordPress, version 4.7, has been downloaded over 10 million times since being released last month. However, it didn’t come without its flaws.

Specifically, the release addresses eight security issues affecting WordPress versions 4.7 and earlier:

  • Remote code execution (RCE) in PHPMailer
  • The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
  • Cross-site scripting (XSS) via the plugin name or version header on update-core.php.
  • Cross-site request forgery (CSRF) bypass via uploading a Flash file.
  • Cross-site scripting (XSS) via theme name fallback.
  • Post via email checks if default settings aren’t changed.
  • A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.
  • Weak cryptographic security for multisite activation key.

WordPress strongly relies on its community when it comes to updating and improving its content management system, and this update was no exception. All of the above issues were reported by WordPress users in an effort to keep the CMS safe and secure.

In addition to the issues listed above, WordPress 4.7.1 fixes 62 bugs from 4.7. Version 4.7.1 can be downloaded directly from your WordPress dashboard, or you may already have it if you’ve signed up for automatic updates.

Category News Web Dev SEO
SEJ STAFF Matt G. Southern Senior News Writer at Search Engine Journal

Matt G. Southern, Senior News Writer, has been with Search Engine Journal since 2013. With a bachelor’s degree in communications, ...

WordPress 4.7.1 Security Release Available, Immediate Update Recommended

Subscribe To Our Newsletter.

Conquer your day with daily search marketing news.