KC Jan 16

 

Does your website runs on an open source Content Management System (CMS) such as Wordpress? Wordpress has a new update, WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by some security issues

* Remote code execution in PHPMailer
* The REST API exposed user data for all users who had authored a post of a public post type.
* Cross-site scripting via the plugin name or version header on update-core.php.
* Cross-site request forgery bypass via uploading a Flash file.
* Cross-site scripting via theme name fallback.
* Post via email checks if default settings aren’t changed.
* A cross-site request forgery was discovered in the accessibility mode of widget editing.
* Weak cryptographic security for multisite activation key.

In addition to the security issues, WordPress 4.7.1 fixes 62 bugs from 4.7.

To learn more click here.