WordPress versions 4.7.2 and earlier are affected by six security issues
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation
- Unintended files can be deleted by administrators using the plugin deletion functionality
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources
Impact: Intruder may perform malicious activity by exploiting above mention vulnerabilities.
Mitigation: Vendor has released new version (WordPress 4.7.3).
Press release April 2023: Situational Security Alerts from CIRT
21 Apr 2023 - Articles, English articles, News, Notice, Security Advisories & Alerts
Security Best Practices
29 Mar 2023 - Security Advisories & Alerts