
WordPress Security update: WordPress 4.7.1 release

Posted on Jan-17-2017

According to the official WordPress news, WordPress 4.7.1 was released 36 days after the official release of WordPress 4.7. It is a security update.

This version fixes vulnerabilities that affect all previous versions of WordPress, so Tomas Zhu recommends that you upgrade promptly. Before upgrading, please back up your modified theme files, your WordPress files, and the database.

This security update addresses 8 issues:

1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release.
2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
4. Cross-site request forgery (CSRF) bypass via uploading a Flash file.
5. Cross-site scripting (XSS) via theme name fallback.
6. Post via email checks mail.example.com if default settings aren’t changed.
7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.
8. Weak cryptographic security for multisite activation key.

If you are not a technical professional, these issues should have little impact on you, but for the sake of safety, Tomas Zhu recommends that you upgrade promptly.

In addition to fixing the 8 major security vulnerabilities, WordPress 4.7.1 also fixes 62 bugs found in WordPress 4.7. WordPress has pushed an update notification for the new version to your site's admin area. After backing up all your data (the modified theme files, the WordPress files, and the database), you can update from your site's admin area.

This version does not involve compatibility issues with language packs, themes, or plugins, so you can update promptly once you have backed up.
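Because the fixes apply to every release before 4.7.1, it helps to know which installs on a server still need the update. The script below is an added example, not part of the original post or of WordPress itself: it reads `$wp_version` from each install's `wp-includes/version.php` and flags anything older than 4.7.1. The function names and the paths in the usage comment are illustrative assumptions.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than the fixed release.
FIXED_VERSION="4.7.1"   # security release named in this post

# Print $wp_version as declared in <install>/wp-includes/version.php.
wp_core_version() {
    sed -n 's/^[[:space:]]*[$]wp_version[[:space:]]*=[^0-9]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Return 0 when version $1 is older than version $2 (major.minor.patch).
version_lt() {
    a=${1%%-*}; b=${2%%-*}          # drop suffixes such as -RC1 or -beta2
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s..\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s..\n' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}        # a missing field counts as 0 (4.7 == 4.7.0)
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    # Same numbers: a pre-release build (4.7.1-RC1) is older than the release.
    [ "$1" != "$a" ] && [ "$2" = "$b" ]
}

# Print one verdict line per install directory passed as an argument.
audit_wp_installs() {
    for dir in "$@"; do
        v=$(wp_core_version "$dir")
        if [ -z "$v" ]; then
            echo "UNKNOWN $dir (no readable wp-includes/version.php)"
        elif version_lt "$v" "$FIXED_VERSION"; then
            echo "UPGRADE $dir ($v is older than $FIXED_VERSION)"
        else
            echo "OK $dir ($v)"
        fi
    done
}

# Usage: sh check_wp.sh /var/www/site1 /var/www/site2   (paths are examples)
if [ "$#" -gt 0 ]; then
    audit_wp_installs "$@"
fi
```

Run it again after updating to confirm that every install reports `OK`.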

WordPress 4.7.1 download: https://wordpress.org/wordpress-4.7.1.zip