March 10, 2017
A recent security update has been released by wordpress.org regarding website security protocols. The security has been termed as “WordPress 4.7.3 Security and Maintenance Release”. WordPress.org strongly recommends its users to update this version of the security in the respective websites.
The functionalities of the security update are as follows:
Cross site scripting (XSS) via media file
This update is very crucial since hackers use this script to extract all the password vulnerabilities by passing the access controls of the websites, such as origin policy. The breach can result in missing information from the website or may be a total website shut down.
Cross-site scripting (XSS) via taxonomy term names
This security update will control the hackers to use common internet protocol taxonomies or related terminology which are usually used to infringe the security rules of the websites.
Cross-site scripting (XSS) via video URL in YouTube embeds
Embedded contents in youtube often infringed by using the share/ like or comment section. The virus thus attacks the site through such embedded contents and will automatically route to the Trojan content files. This security update will prevent the hacker from such breach.
Cross-site request forgery (CSRF) in Press
This update leads to excessive use of server resources. This helps the administrators to restrict use of the unwanted website space by the users.
Control characters can trick redirect URL validation
This update will enable the user to migrate to different URL and can gather more information, restricting this URL redirection can result to confinement of the website to limited users.
Unintended files can be deleted by administrators using the plug-in deletion functionality
This update is crucial from the administrator’s point of view. This will enable to keep the website clean and free from unwanted cookies that get added during transaction and surfing.