Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

WordPress 4.7.5 Security Release – Immediate Update Recommended

This entry was posted in WordPress Security on May 17, 2017 by Mark Maunder   10 Replies

A few hours ago WordPress abruptly released 4.7.5 which is a security release. It fixes six vulnerabilities which are detailed on the wordpress.org blog.

I’d like to encourage you to update to 4.7.5 as soon as possible. Unless you have disabled automatic updates, your site may have already been upgraded to WordPress 4.7.5. This security release was a ‘minor’ release and WordPress by default automatically updates core minor releases.

I have used the term ‘abrupt’ to describe this release because it went out without much pre-announcement. I’m concerned that this release may have fixed more than the vulnerabilities that have been detailed on the WordPress blog. That would not be without precedent.

On January 26th WordPress released 4.7.2 and they delayed disclosing a vulnerability for a week. That vulnerability was the infamous WordPress defacement vulnerability which resulted in hundreds of thousands of sites being defaced and multiple highly active attack campaigns.

We don’t have any data at this time on whether this release includes an additional security fix that is unannounced. But recent history indicates it is probably a good idea to update immediately.

Did you enjoy this post? Share it!


3.72 (61 votes) Your rating:

10 Comments on "WordPress 4.7.5 Security Release – Immediate Update Recommended"

Joseph May 17, 2017 at 1:06 am • Reply

Thanks guys for your efforts to update and secure our sites

Brad May 17, 2017 at 1:53 am • Reply

Many thanks for this notification; it's appreciated.

Edward May 17, 2017 at 2:14 am • Reply

Wordfence is the most useful plugin on my site. Keep up the good work

Mark Maunder May 17, 2017 at 9:54 am • Reply

Thanks Edward. Much appreciated.

James McCarthy May 17, 2017 at 2:57 am • Reply

I use your plugin on all my sites as A) it works!! and B) your team are constantly on the ball keeping up with the latest attack trends. Thanks.

Mark Maunder May 17, 2017 at 9:53 am • Reply

Woohoo!! Thanks James.

Mister Tea May 17, 2017 at 4:12 am • Reply

Wordfence is the best!

Bill May 17, 2017 at 7:47 am • Reply

Thanks for the heads up on this update!

John Voce May 17, 2017 at 9:43 am • Reply

Hi.

Thank you so much for the great job you and your team are doing! A first-class public service.

Regards
johnv

SternCo May 17, 2017 at 1:06 pm • Reply

Reliable, always relevant news. Thanks!

Leave a Reply

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.