Like with any WordPress update that gets released, it is always a good idea to make sure you have a solid backup before you update.  But I’m sure the actual question many of you have is what’s in this latest maintenance release?

  • This is mainly a security release that patches 3 bugs as well.
  • 4.7.5 patches the following security issues
    • Insufficient redirect validation in the HTTP class.
    • Improper handling of post meta data values in the XML-RPC API.
    • Lack of capability checks for post meta data in the XML-RPC API.
    • A cross-site request forgery (CRSF) vulnerability in the filesystem credentials dialog.
    • A cross-site scripting (XSS) vulnerability when uploading large files.
    • A cross-site scripting (XSS) vulnerability in the Customizer.

Because this is primarily a security release, it is recommended to update your WordPress sites as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *