WordPress has released a new version and it fixes six security issues that could affect your site. We have all seen from the recent hacking scandal of the NHS that vulnerabilities can be exposed, so it’s critical that you update your sites to the latest version of WordPress as soon as possible.
The six security issues that have been fixed are:
- Insufficient redirect validation in the HTTP class
- Improper handling of post meta data values in the XML-RPC API
- Lack of capability checks for post meta data in the XML-RPC API
- A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialogue
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer
It’s great news that WordPress are being so proactive in the finding and fixing of potential security issues. If you haven’t already received an automatic update email then we strongly recommend updating your sites as soon as possible. You can see the official blog post about this by clicking here.