WordPress 4.9.7 Addresses File Deletion Vulnerability

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

WordPress 4.9.7 is now available and resolves this vulnerability. This is a security and maintenance release for all versions since WordPress 3.7.

Security Risk: Medium


  1. Update immediately to4.9.7
  2. It is recommended that automatic updates be enabled on WordPress sites

WordPress websites and blogs hosted by CTLT

If your WordPress website is hosted by CTLT cms.ubc.ca, or your blog is hosted on blogs.ubc.ca, CTLT has addressed the upgrade already.

Additional Information


If you have any questions, please contact security@ubc.ca