WordPress versions 4.7.2 and earlier are affected by six security issues


  1. Cross-site scripting (XSS) via media file metadata.
  2. Control characters can trick redirect URL validation
  3. Unintended files can be deleted by administrators using the plugin deletion functionality
  4. Cross-site scripting (XSS) via video URL in YouTube embeds.
  5. Cross-site scripting (XSS) via taxonomy term names.
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources

Impact: Intruder may perform malicious activity by exploiting above mention vulnerabilities.

Mitigation: Vendor has released new version (WordPress 4.7.3).

Reference URL’s: