WordPress 4.7.2 is out! This one is a security release, and doesn’t bring exciting new features (unfortunately) – but it does bring a number of big security fixes that should be implemented on your site, ASAP! The fixes it contains include a small permissions issue where the taxonomy terms are exposed to users without permission (as part of the Press This functionality), an issue with WP_Query being open to passing unsafe data (which, the WordPress team has noted, does not make the core directly vulnerable as a result – phew!), a cross-site scripting (XSS) attack vector as part of the post list table, and finally an issue with the REST API exposing an unauthenticated privilege escalation attack vector.
Another big long list of security issues patched, but if your site is still running 4.7.1, you’re still out in the open! Of course, if you’re a WordPresto client on one of our regularly updated plans, your WordPress install is probably in tip-top shape running the latest and greatest already. The WordPress developers work hard to ensure that security issues are patched quickly, but this is only part of the battle – the rest of the responsibility lies with the website owner keeping their software up to date. Luckily, in your case, that’s us at WordPresto!
If you’re not a WordPresto client, why not sign up today and see what we’re all about? We promise you’ll be happy knowing you don’t have to worry about these WordPress issues!