WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.
WordPress 4.9.7 is now available and resolves this vulnerability. This is a security and maintenance release for all versions since WordPress 3.7.
Security Risk: Medium
Action:
- Update immediately to 4.9.7
- It is recommended that automatic updates be enabled on WordPress sites
WordPress websites and blogs hosted by CTLT
If your WordPress website is hosted by CTLT cms.ubc.ca, or your blog is hosted on blogs.ubc.ca, CTLT has addressed the upgrade already.
Additional Information
https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
If you have any questions, please contact security@ubc.ca