WordPress 4.7.3: Update of security and maintenance
WordPress 4.7.3 is already available. This is an update of security for all the previous versions and we warmly animated to you to update your WordPress immediately to avoid vulnerabilities of type cross-site scripting (XSS).
Source: WordPress.org Spanish
All the previous versions of WordPress 4.7.2 and are affected by six problems of security:
- Cross scripting (XSS) through metadata of means archives. Informed by Chris Andr¨ Dale, Yorick Koster and Simon P. Briggs.
- The control characters can deceive the validation of redirection of the URL. Informed by Daniel Chatfield.
- The administrators can erase archives without wanting when using the functionality of erasure of plugins. Informed by xuliang.
- Cross scripting (XSS) through the inlhelp URL of the video in of YouTube. Informed by Marc Montpas.
- Cross scripting (XSS) through names of terms of taxonomies. Informed by Delta.
- Cross request forgery (CSRF) in Publishing this that takes to an excessive consumption of resources of the servant. Informed by Sipke Mellema.
In addition to the informed problems of security above, WordPress 4.7.3 contains 39 adjustments of maintenance for all the series of versions 4.7.