The much-anticipated WordPress 4.7.5 is now available. This security update addresses six security issues present in WordPress 4.7.4, including a CSRF vulnerability.
Security Issues addressed
- Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
- Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
- Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
- A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
- A cross-site scripting (XSS) vulnerability was discovered associated with the Customizer. Reported by Weston Ruter of the WordPress Security Team.
Read full news article on GBHackers