Story image

WordPress releases 4.7.3 update to address major security issues

09 Mar 17

WordPress is encouraging all users to upgrade to its new 4.7.3 version, saying that users of older versions may still be susceptible to cyber attacks.

Earlier this year the company found that its 4.7.1 version had major vulnerabilities that could give attackers access to servers and users. 

The company then issued an urgent security update to 4.7.2, and now the company is urging users to upgrade yet again.

The new updates address six vulnerabilities in previous versions, according to the WordPress blog:

  • Cross-site scripting (XSS) via media file metadata
  • Control characters can trick redirect URL validation
  • Unintended files can be deleted by administrators using the plugin deletion functionality
  • Cross-site scripting (XSS) via video URL in YouTube embeds.  Reported by Marc Montpas.
  • Cross-site scripting (XSS) via taxonomy term names
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources

According to Australian advisory board Stay Smart Online, three of those vulnerabilities fool users into thinking a malicious site is a legitimate WordPress site, which can then collect sensitive data such as passwords and private information.

One of the vulnerabilities can also allow an attacker to slow down or crash a WordPress server by making a specific site demand excess server resources, Stay Smart Online states. 

WordPress says the new update also includes 39 maintenance fixes. 

Users can upgrade by logging into their site as administrator and then clicking ‘updates’ in the WordPress dashboard. Automatic updates are recommended. 

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.