WordPress updated to fend off SQL and XSS bugs

News by Greg Masters

WordPress 4.7.2 was released on Thursday and users of the popular CMS platform are strongly encouraged to upgrade immediately.

WordPress 4.7.2 was released on Thursday and users are strongly encouraged to upgrade immediately.

The release upgrades all previous versions of the free and open-source content management system (CMS) reportedly used by 60 million websites.

Three security issues are addressed with the patch, according to the release note.

First, the user interface for assigning taxonomy terms in "Press This" is shown to users who do not have permissions to use it.

Second, a flaw that could allow an SQL injection when passing unsafe data is patched in WP_Query. While the core is not directly vulnerable, the organisation said it bolstered the element to "prevent plugins and themes from accidentally causing a vulnerability."

The third fix addresses a cross-site scripting (XSS) vulnerability that was detected in the posts list table.

WordPress users who set up their preferences to accept security updates automatically received emailed notification of the upgrade. Other users are urged to apply the update quickly by heading over to Dashboard/Updates and clicking “Update Now.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Webcasts and interviews 

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop