WordPress have released an important update today which fixes some vulnerabilities in previous versions.
We strongly encourage you to update your WordPress website as soon as you can. WordPress versions 4.7.2 and earlier are affected by six security issues:
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
If you need help backing up and updating your WordPress website, give a member of our team a call on 0800 084 3086 today.