WordPress 4.7.3 is now available. It is the third in a series of recent security releases for WordPress core and we strongly encourage you to upgrade now.
This new 4.7.3 core release fixes three Cross-Site Scripting vulnerabilities:
- Cross-site scripting (XSS) via media file metadata.
- Cross-site scripting (XSS) via video URL on YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site request forgery (CSRF) in “Press This” leading to excessive use of server resources.
In addition to the security issues above, it includes 39 maintenance fixes to fix a range of non-security related issues.
These security and maintenance releases should not be taken for granted. If you have not upgraded to version 4.7.3, we highly encourage you to do so right now!
That’s all, enjoy.
Let me know your thoughts in the comment section below.