WPSecurityLock – Malware removal & WordPress security services

WordPress 4.7.1 Security and Maintenance Release – UPDATE NOW!

January 17, 2017 By Kelli Claypool

As a fan of this blog, you know our number one area of expertise is online security, specifically WordPress. On January 11th, WordPress released WordPress 4.7.1. This is a security release for all previous versions, and we strongly encourage you to update your WordPress website(s) immediately.

According to their blog, “WordPress versions 4.7 and earlier are affected by eight security issues:

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file.
  5. Cross-site scripting (XSS) via theme name fallback.
  6. Post via email checks mail.example.com if default settings aren’t changed.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.
  8. Weak cryptographic security for multisite activation key.

In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the release notes or consult the list of changes.”

What's next?

At this time, our professional security team strongly recommends that you update to this new version immediately. Be sure to perform a full backup prior to updating.
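To see which installs on a server still need this update, the following added example (not code from WordPress or from WP Security Lock) reads each install's `wp-includes/version.php` and flags any version below 4.7.1. The function names and the sample file text are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 7, 1)  # release named on this page as carrying the eight fixes
# WordPress core records its version in wp-includes/version.php as: $wp_version = '4.7';
_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)
SAMPLE = "<?php\n$wp_version = '4.7';\n"  # constructed sample, not a real site's file

def parse_wp_version(php_source):
    """Return the version string from version.php text, or None if absent."""
    m = _VERSION_RE.search(php_source)
    return m.group(1) if m else None

def version_key(version):
    """'4.7' -> (4, 7, 0, 1); '4.7.1-RC1' -> (4, 7, 1, 0), so pre-releases sort first."""
    numeric, _, suffix = version.partition("-")
    parts = [int(p) for p in numeric.split(".") if p.isdigit()][:3]
    parts += [0] * (3 - len(parts))
    return (*parts, 0 if suffix else 1)

def needs_update(version):
    """True when the version sorts before the final 4.7.1 release."""
    return version_key(version) < (*FIXED, 1)

def audit_tree(root):
    """Map each WordPress install found under root to (version, needs_update)."""
    report = {}
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        version = parse_wp_version(vf.read_text(errors="replace"))
        # An unreadable version is reported as needing attention, not as safe.
        stale = True if version is None else needs_update(version)
        report[str(vf.parent.parent)] = (version, stale)
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python audit.py /var/www
        for site, (version, stale) in audit_tree(sys.argv[1]).items():
            print(f"{'UPDATE' if stale else 'ok':6}  {version or 'unknown':12}  {site}")
    else:
        v = parse_wp_version(SAMPLE)
        print(f"sample: {v} -> {'UPDATE' if needs_update(v) else 'ok'}")
```

The check only compares version numbers against 4.7.1; it does not replace the full backup recommended before updating.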

We can help you upgrade your WordPress!

If you're unsure how to effectively upgrade your site to the latest WordPress version or do not have time to do so, let us put your mind at ease. Our WordPress Security Experts will upgrade your WordPress blog for you!


About Kelli Claypool

Known as the Systems Diva, Kelli Claypool is an accomplished entrepreneur, speaker, and coach, helping entrepreneurs maximize their personal and professional potential. In her fun and loving way, Kelli intentionally seeks ways to inspire and encourage others daily. She's a heels addict, pearls wearer, animal lover w/a pet pig, widow, mom, & Grammy to 2 dogs. Oh, and she loves Disco music!


Copyright © 2023 | WP Security Lock, Inc