sb-au logo
Story image

WordPress releases 4.7.3 update to address major security issues

09 Mar 2017

WordPress is encouraging all users to upgrade to its new 4.7.3 version, saying that users of older versions may still be susceptible to cyber attacks.

Earlier this year the company found that its 4.7.1 version had major vulnerabilities that could give attackers access to servers and users. 

The company then issued an urgent security update to 4.7.2, and now the company is urging users to upgrade yet again.

The new updates address six vulnerabilities in previous versions, according to the WordPress blog:

  • Cross-site scripting (XSS) via media file metadata
  • Control characters can trick redirect URL validation
  • Unintended files can be deleted by administrators using the plugin deletion functionality
  • Cross-site scripting (XSS) via video URL in YouTube embeds.  Reported by Marc Montpas.
  • Cross-site scripting (XSS) via taxonomy term names
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources

According to Australian advisory board Stay Smart Online, three of those vulnerabilities fool users into thinking a malicious site is a legitimate WordPress site, which can then collect sensitive data such as passwords and private information.

One of the vulnerabilities can also allow an attacker to slow down or crash a WordPress server by making a specific site demand excess server resources, Stay Smart Online states. 

WordPress says the new update also includes 39 maintenance fixes. 

Users can upgrade by logging into their site as administrator and then clicking ‘updates’ in the WordPress dashboard. Automatic updates are recommended. 

Story image
Three security essentials for financial services
Financial services organisations must provide the best possible customer experience in terms of mobile and online application availability, performance and security, writes Gigamon country manager for A/NZ George Tsoukas.More
Story image
Sophos announces collaboration with Qualcomm for PC security
This unification enables a connected, interactive computing environment that combines smartphone and PC technology to deliver security capabilities and opportunities, the company states.More
Story image
IWD 2021: LogRhythm VP on recognising the skills women bring to the table
"There is an opportunity for IT companies to strengthen their learning and development pipeline and help women acquire the relevant skills."More
Story image
Cybercriminals take bold steps forward as confidence soars - CrowdStrike report
Criminals are especially interested in targeting the supply chain as it enables them to go after multiple targets from a single intrusion point.More
Story image
Latest Tenable launch provides holistic approach to vulnerability management
Tenable.ep is reportedly the industry’s first, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change.More
Story image
How organisations can extract value from IT investments with Living Systems
Technology is everywhere, but value is not. Twelve months after the first pandemic-related lockdowns began, many organisations have discovered that they’re just not getting the return on investment they expected. Why?More