WordPress releases version 4.7.5 fixing six security and three general issues

WordPress has released version 4.7.5, a security and maintenance release for the content management system that fixes six major issues affecting earlier versions.

The security flaws covered in this release are as follows.

  • Insufficient redirect validation in the HTTP class.
  • Improper handling of post meta data values in the XML-RPC API.
  • Lack of capability checks for post meta data in the XML-RPC API.
  • A cross-site request forgery (CSRF) vulnerability was discovered in the file system credentials dialog.
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

The XSS bug has left millions of WordPress websites vulnerable. Along with these six security issues, three general maintenance issues were also fixed in the latest version.
