WordPress releases v4.7.1 with important security fixes

WordPress has released v4.7.1 as the latest build of the world’s popular blogging platform. The incremental update brings 62 bug fixes and fixes for eight security issues, and is available to WordPress users through the automatic update system.

WordPress 4.7.1 arrives just a month after the release of version 4.7 (Vaughan) in December. Most notably, the latest update brings a fix for a security issue in the PHPMailer library.

The email creation and transfer library for PHP was found to contain a remote code execution vulnerability following the WordPress 4.7 release last month. The critical vulnerability could expose access to the web server’s user data. Moreover, an attacker could compromise security and target web applications using malicious code.

The issue was patched in the PHPMailer 5.2.20 release. Although the vulnerability did not directly impact WordPress users, it was still important to issue an update with a patched version of PHPMailer.

Apart from the fix for the PHPMailer vulnerability, version 4.7.1 patches a critical issue with the REST API. The security hole was potentially exposing user data.

The new WordPress update also brings patches for Cross-Site Scripting (XSS) vulnerabilities as well as Cross-Site Request Forgery (CSRF) flaws. In addition, the WordPress team has made some important configuration changes to posting stories via email and improved security around the weak cryptography used for multisite deployment.

10 million downloads

WordPress 4.7 is claimed to have been downloaded over 10 million times since its official debut on December 6. It brought various tweaks and improvements over its predecessor and enhanced the blogging experience through features such as theme starter content, an edit shortcut option, video headers and PDF thumbnails.