Automattic has released WordPress 4.7.5. It is a security release for all previous versions, and you should update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
- Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
- Improper handling of post metadata values in the XML-RPC API. Reported by Sam Thomas.
- Lack of capability checks for post metadata in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
- Cross-site request forgery (CSRF) vulnerability in the file system credentials dialog box. Reported by Yorick Koster.
- Cross-site scripting (XSS) vulnerability when attempting to upload very large files. Reported by Ronni Skansing.
- Cross-site scripting (XSS) vulnerability in the Customizer. Reported by Weston Ruter of the WordPress Security Team.
In addition to the above security issues, WordPress 4.7.5 contains 3 maintenance fixes. For more information, see the release notes or consult the list of changes.
Download WordPress 4.7.5, or upgrade from Toolbar → Updates by clicking the "Update Now" button.