Six vulnerabilities have recently been detected in WordPress that includes three cross-site scripting errors found in handling of file metadata, YouTube video URLS, and taxonomy term names.
An update to WordPress version 4.7.3 will resolve this issue, and address other maintenance issues in WordPress.
Security Risk: Severe
Action:
- Update immediately to 4.7.3
- It is recommended that automatic updates be enabled on WordPress sites
WordPress websites hosted by CTLT
If your WordPress website is hosted by CTLT cms.ubc.ca, CTLT has addressed the upgrade already.
Additional Information
Maintenance release: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
WordPress also provides the following feed for administrators to stay current on security updates: https://wordpress.org/news/category/security/feed/
If you have any questions, please contact security@ubc.ca