All the Visualmodo WordPress Themes were tested and prepared by our developer’s team to works perfectly running WordPress 4.7.2 version. Please make sure you have all the updates for better site usage.
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
Whats change in the new WordPress Version?
Versions 4.7.1 and earlier are showing three security issues:
- Firstly, the user interfaces for assigning taxonomy terms in Press. As a result, users who do not have permission to use it. Reported by David Herrera of Alley Interactive.
WP_Queryis vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
- A cross-site scripting (XSS) vulnerability was in the posts list table. So, a report by Ian Dunn of the WordPress Security Team.
- Finally, an unauthentic privilege escalation vulnerability was in a REST API endpoint. So, a report by Marc-Alexandre Montpas of Sucuri Security. *
Moreover, WordPress 4 comes with performance and optimization for speed.
Thank you to the reporters of these issues for practicing responsible disclosure.
Thanks to everyone who contributed to WordPress 4.7.2.
* Update: An additional serious vulnerability was a fix in this release and public disclosure was in a delay. For more information on this vulnerability, additional mitigation steps are taken, and an explanation for why the disclosure was delayed, please read Disclosure of Additional Security Fix in WordPress 4.7.2.
Visualmodo Themes Test