Six Vulnerabilities Found in WordPress, March 07, 2017 – 15:00 PT

Six vulnerabilities have recently been detected in WordPress that includes three cross-site scripting errors found in handling of file metadata, YouTube video URLS, and taxonomy term names.

An update to WordPress version 4.7.3 will resolve this issue, and address other maintenance issues in WordPress.

 

Security Risk: Severe

Action:

  1. Update immediately to 4.7.3
  2. It is recommended that automatic updates be enabled on WordPress sites

WordPress websites hosted by CTLT

If your WordPress website is hosted by CTLT cms.ubc.ca, CTLT has addressed the upgrade already.

 

Additional Information

Maintenance release: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/

WordPress also provides the following feed for administrators to stay current on security updates: https://wordpress.org/news/category/security/feed/

 

If you have any questions, please contact security@ubc.ca