Last Wednesday, WordPress released version 4.7.1 of their software. Most WordPress websites were auto-updated since this is a security fix that targeted eight security bugs, including a fix for the PHP mailer issue that they announced last month.

The PHP mailer issue was an especially high-risk vulnerability, despite no publically known possible exploits as of yet. Had it been exploited, it could have allowed an attacker to execute malicious code on the victim’s website, enabling it to take full control of the site.

The security release also fixed the WordPress REST API issue, which allowed user data for post authors to be exposed by default, leaving them open to username harvesting. This bug did not affect WordFence, our preferred security software of choice, users running version 6.2.8 or later, as they were already protected.

Other fixes in this update included:

  • Cross-site scripting (XSS) via theme name fallback
  • Post via email checks mail.example.com if default settings aren’t changed
  • A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing
  • Weak cryptographic security for multisite activation key
  • Cross-site request forgery (CSRF) bypass via uploading a Flash file
  • Cross-site scripting (XSS) via the plugin name or version header on update-core.php

This update also fixed 61 other bugs from version 4.7.

If your site didn’t auto-update for some reason, you should upgrade it at your earliest convenience, or contact us for a price to do the update for you. Be sure to backup your website, as always, before doing the update.

nora-signature

Nora Kramer
Follow Me

Nora Kramer

Principal + Creative Director at Nora Kramer Designs
Nora Kramer is a graphic designer, website developer, and online marketing consultant, based in the Tampa Bay, Florida area, with over two decades of experience in graphic design, website development and company branding. She also has a passion for photography and writing. Nora received the Charlie Award (1st Place) in 2002 for "Best Magazine Feature Article of the Year" from the Florida Magazine Association for a cover feature article she wrote for "Create," a graphic design magazine. You can follow all of her social media channels at about.me/norakramer.
Nora Kramer
Follow Me
Click To Call

Get Our Website Pricing Guide

Enter your email address below, and we will send you our current pricing guide immediately.

You have Successfully Subscribed!

Get access to my carefully compiled list of favorite and recommended FREE TOOLS you can start using today to assist you with your website creation, blogging, social media sharing, and more.

The list includes tools for website planning and wireframing, color palette creations, typography and font pairings, icon creation, free stock image photography resources, image and social media content creation, image compression and resizing, and search engine optimization and keyword planning.

Thank you for subscribing!

Pin It on Pinterest