Feb 10, 2017
WordPress version 4.7.2 was released recently, on January 26, 2017. Introduced as a security update, its release notes do not mention any changes to core functionality. Instead, the release fixes 3 vulnerabilities that were reported by the WordPress community.
Within 7 days, the WordPress security team was also able to figure out yet another vulnerability which also slipped in the version 4.7.2. The vulnerability was reported by a WordPress developer at Sucuri. However, this bug was reported confidentially to the WordPress team. The risk was reportedly found in the REST API (application programming interface), through which an intruder could unethically modify the content of a WordPress blog post.
If you have recently updated your WordPress version to 4.7 or 4.7.1, you should know that your WordPress website is prone to the threat discussed above. With news of the vulnerability now widespread, hackers are on the hunt for such websites. To avoid any problems, it is advised to upgrade immediately to the latest 4.7.2 version.
After this security threat was detected, the WordPress developers became active and reached out to the security companies that maintain the common web application firewalls. These companies were asked to immediately extend web protection against any possible attack on WordPress websites running all over the world.
The next step was to contact the major WordPress hosting companies and let them know how they could take care of the security threat that might affect their clients' websites. This proved to be a temporary yet effective way of securing the websites before the official resolution was rolled out.
This threat will affect only versions 4.7 and 4.7.1 of WordPress, since they come with the REST API enabled by default. So, if you are still using the older version or even have a REST API installed, this threat will not affect your WordPress website.
If you turned on the automatic update feature on your WordPress site, it would have automatically updated to 4.7.2. It is advised to check the website to see that everything is in place. Although WordPress releases are tested many times before they are rolled out, it is better to check for yourself.
Now that the information is out, it cannot be said that hackers will not try to breach WordPress websites anymore. Because WordPress is the most preferred content management system, it attracts intruders who try to invade the website backend and harm the database. Webmasters and admins should ensure that their website is upgraded to version 4.7.2 as soon as possible.
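
One way to run the version check advised above across many sites at once, as an added example that is not part of the original post: a shell script that reads `$wp_version` from each install's `wp-includes/version.php` and flags 4.7 and 4.7.1. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WordPress installs on the versions this post names as
# affected (4.7 and 4.7.1). Function names and sample data are constructed.

# Print the value of $wp_version from a wp-includes/version.php file.
wp_version_of() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Map a version string to a status for this specific issue.
classify_version() {
    case "$1" in
        4.7|4.7.1) echo "AFFECTED" ;;
        "")        echo "UNKNOWN" ;;
        *)         echo "not-affected" ;;
    esac
}

# Walk a directory tree and print: status <TAB> version <TAB> site root.
audit_tree() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_of "$f")
        printf '%s\t%s\t%s\n' "$(classify_version "$v")" "${v:-?}" \
            "${f%/wp-includes/version.php}"
    done
}

# Number of installs that still need the 4.7.2 update.
count_affected() {
    audit_tree "$1" | awk -F '\t' '$1 == "AFFECTED" { n++ } END { print n + 0 }'
}

# Constructed sample tree (not real sites) so the script runs offline.
make_sample_tree() {
    root=$(mktemp -d)
    for pair in blog:4.7.1 shop:4.7.2 old:4.6.3 new:4.7; do
        mkdir -p "$root/${pair%%:*}/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "${pair##*:}" \
            > "$root/${pair%%:*}/wp-includes/version.php"
    done
    echo "$root"
}

# Usage: sh audit.sh /var/www   (no argument: audit the constructed sample)
target=${1:-$(make_sample_tree)}
audit_tree "$target"
echo "affected installs: $(count_affected "$target")"
```

An install reported as `UNKNOWN` has a `version.php` the script could not parse and should be checked by hand.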