Recently WordPress released with new version that is 4.7.3. Previous version 4.7.2 and before are having few security loop holes. All the known security issues have been fixed in this new version. We strongly suggest you to update your websites immediately.

Below are the few security issues fixed in this new release:

  1. Cross-site scripting (XSS) via taxonomy term names
  2. Cross-site scripting (XSS) via video URL in YouTube embeds
  3. Cross-site scripting (XSS) via media file metadata
  4. Control characters can trick redirect URL validation.
  5. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
  6. Unintended files can be deleted by administrators using the plugin deletion functionality.

A total of 39 other maintenance fixes have been performed.For more information, check the list of changes here.

I strongly recommend to update your WordPress websites immediately to make them secure. Some websites are having automatic update enabled, they have been updated automatically. But those who have disabled this automatic update feature are recommended to update it on priority basis by :

  • Click on “Update Now” option from dashboard which update WordPress to your latest version automatically.
  • Go to Admin Dashboard => Updates and click on “Update Now” button to update it automatically.
  • Go for manual update.

As we know that hackers always look for the outdated versions to attack, So we should update WordPress on regular basis to make it more secure.

Keep Updated, Stay Secure 🙂