Upgrade now to version 4.73!
We Live Security explains:
Another day, another important security update for WordPress. Oh boy.
If you administer your own self-hosted WordPress website then your must update the software as soon as possible, following the disclosure of six security holes that could be exploited by malicious attackers.
Version 4.7.3 of the immensely popular web-publishing software has been released, alongside a warning that if left unpatched websites could be vulnerable to various threats, including cross-site scripting and request forgery attacks:
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.