The latest update for WordPress, the WordPress 4.7.1 was officially launched on January 11, 2017. The update has been quite beneficial for the WordPress community as it the latest version comes with 62 bugs as well as 8 major security issues and introducing the latest CMS version as a whole. The WordPress 4.7.1 update has been launched soon after the WordPress 4.7 ‘Vaughan’ was introduced recently on Dec. 6, 2016. Within a month since its release, WordPress 4.7 Vaughan has 15 million+ downloads reported, according to the WordPress news.
Millions of WordPress developers and site owners started getting notifications about the latest available update. The auto update feature for incremental updates has been introduced to the WordPress CMS since October 2013, when the version 3.7 was release. Here, it is important to know that the most crucial security update in the newly launched WordPress 4.7.1 is for an exposure from the PHPMailer library (which is not within the WordPress open source code). PHPMailer transfers the PHP library used by WordPress.
- Remote code execution
- The REST API user data for all the users of a post. WP 4.7.1 restricts this to a single post type to shown within the REST API.
- XSS via a plugin on update-core.php.
- Skipping the CSRF by using a Flash file.
- Cross-site scripting (XSS) via the name of the theme.
- Post via email selects mail.example.com if the default settings are not changed.
- CSRF was reported in the widget editing accessibility mode.
- Weak security for a multi-site activation key.
WordPress is an open source by the core. The framework generally relies on its active community of users and developers for updates and optimization of the content management system. This update is yet another example of the flourishing community that reported the bugs and security issues to WordPress in order to keep the CMS safe and secure.
The WordPress 4.7 version was reported to be downloaded over 15 million times. Launched on December 6 2016, the latest version took the world by storm and now, an improved WordPress 4.7.1 is available. Since this is a security release, it is advised for all the WordPress users it there to immediately update their WordPress CMS.