WordPress 4.7.3 Update Fixes Six Security Issues

WordPress 4.7.3 has been released on 6th March 20017. This is a security release for all previous versions and WordPress core team strongly advised to update immediately.

WordPress versions 4.7.3 fixes the following six security issues:

  1. Cross-site scripting (XSS) via media file metadata.
  2. Control characters can trick redirect URL validation.
  3. Unintended files can be deleted by administrators using the plugin deletion functionality.
  4. Cross-site scripting (XSS) via video URL in YouTube embeds.
  5. Cross-site scripting (XSS) via taxonomy term names.
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

WordPress 4.7.3 also contains 39 maintenance fixes to fix a range of non-security related issues.