Update To WordPress Version 4.7.1 & Fix 8 Security issues Instantly

Digital Marketing Consultant

Release Date – 11 Jan, 2017,

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins investigated but, updated PHPMailer in this release as a caution.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file.
  5. Cross-site scripting (XSS) via theme name fallback.
  6. Post via email checks mail.example.com if default settings aren’t changed.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.
  8. Weak cryptographic security for multisite activation key.

For information check out wordpress.org