Last Wednesday, WordPress released version 4.7.1 of their software. Most WordPress websites were auto-updated, since this is a security release that addresses eight security bugs, including a fix for the PHPMailer issue they announced last month.

The PHPMailer issue was an especially high-risk vulnerability, even though no public exploit was known at the time. Had it been exploited, it could have allowed an attacker to execute malicious code on the victim’s website, enabling them to take full control of the site.

The security release also fixed the WordPress REST API issue, which exposed user data for post authors by default, leaving sites open to username harvesting. Users of Wordfence, our preferred security plugin, who were running version 6.2.8 or later were not affected by this bug, as they were already protected.
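For sites that want a defence-in-depth layer on top of the core fix, the REST API exposure described above can also be narrowed at the plugin level. The following must-use plugin is an added example written for this post; it is not code from WordPress core, from Wordfence, or from the original article. It assumes a standard WordPress install where the file is dropped into wp-content/mu-plugins/, and it uses the core rest_endpoints filter to hide the users routes from anyone who lacks the list_users capability.

```php
<?php
/**
 * Plugin Name: Restrict REST API user listing (added example, hypothetical mu-plugin)
 *
 * Hides the /wp/v2/users endpoints from requests made by users who cannot
 * list users, so author accounts are not exposed to unauthenticated visitors.
 * This complements the core fix in WordPress 4.7.1; it does not replace it.
 */

add_filter('rest_endpoints', function (array $endpoints): array {
    // Editors and administrators (capability list_users) keep full access,
    // so the admin UI and authenticated integrations continue to work.
    if (current_user_can('list_users')) {
        return $endpoints;
    }

    // Routes registered by core for the users collection and single users.
    // Removing them makes the API answer "No route was found" instead of
    // returning author names and slugs.
    $user_routes = [
        '/wp/v2/users',
        '/wp/v2/users/(?P<id>[\d]+)',
    ];

    foreach ($user_routes as $route) {
        unset($endpoints[$route]);
    }

    return $endpoints;
});
```

Because it only touches the REST API routes, this snippet does not change any other way author information is published, and it should be removed or reviewed once the site is confirmed to be on 4.7.1 or later.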

Other fixes in this update included:

  • Cross-site scripting (XSS) via theme name fallback
  • Post via email checks if default settings aren’t changed
  • A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing
  • Weak cryptographic security for multisite activation key
  • Cross-site request forgery (CSRF) bypass via uploading a Flash file
  • Cross-site scripting (XSS) via the plugin name or version header on update-core.php

This update also fixed 61 other bugs from version 4.7.

If your site didn’t auto-update for some reason, you should upgrade it at your earliest convenience, or contact us for a price to do the update for you. As always, be sure to back up your website before doing the update.


Nora Kramer
Lead Web Designer & Developer at Nora Kramer Designs
Nora Kramer is a website professional and online marketing consultant with over two decades of experience in graphic design, website development and company branding. She also has a passion for photography and writing. Nora received the Charlie Award (1st Place) in 2002 for "Best Magazine Feature Article of the Year" from the Florida Magazine Association.