WordPress releases 4.7.3 update to address major security issues

09 Mar 17

WordPress is encouraging all users to upgrade to its new 4.7.3 version, saying that users of older versions may still be susceptible to cyber attacks.

Earlier this year the company found that its 4.7.1 version had major vulnerabilities that could give attackers access to servers and users. 

The company then issued an urgent security update to 4.7.2, and now the company is urging users to upgrade yet again.

The new updates address six vulnerabilities in previous versions, according to the WordPress blog:

  • Cross-site scripting (XSS) via media file metadata
  • Control characters can trick redirect URL validation
  • Unintended files can be deleted by administrators using the plugin deletion functionality
  • Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc Montpas.
  • Cross-site scripting (XSS) via taxonomy term names
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources

According to Australian advisory board Stay Smart Online, three of those vulnerabilities fool users into thinking a malicious site is a legitimate WordPress site, which can then collect sensitive data such as passwords and private information.

One of the vulnerabilities can also allow an attacker to slow down or crash a WordPress server by making a specific site demand excess server resources, Stay Smart Online states. 

WordPress says the new update also includes 39 maintenance fixes. 

Users can upgrade by logging into their site as administrator and then clicking ‘updates’ in the WordPress dashboard. Automatic updates are recommended. 
