On 6th Dec 2016, WordPress released v4.7, codenamed “Vaughan”. Within just one month, v4.7 recorded over 16 million downloads, and this number is rising day by day. The best thing about this new version is that users don’t have to perform the upgrade manually; everything is initiated directly from the WordPress main servers. After the launch of v3.7, WordPress integrated an automatic updating system so that users don’t have to go through the hassle of installing update files themselves.
Recently, the user community and WordPress developers noticed some major vulnerabilities in v4.7. To address them, WordPress quickly released v4.7.1, which eliminated over 62 bugs from the core code and also resolved the security flaw in the popular PHPMailer email library that was first detected in November 2016. This incremental update and bug fixing helped users keep their portals safe and secure.
The security upgrade in WordPress v4.7.1 removed a vulnerability that wasn’t actually in WP’s core code but in the open-source PHPMailer library. PHPMailer is a popular library for creating and sending email from PHP, and WordPress uses it. The error was reported as a Remote Code Execution (RCE) flaw, later identified as CVE-2016-10033, and users detected this issue in December 2016.
Although PHPMailer released a separate update for CVE-2016-10033, it did not fix the issue properly. As a result of this loophole, millions of websites were not able to roll out emails to their global clients and customers. Once this issue was reported, PHPMailer released another security patch to eliminate the vulnerability. As this error was not associated with WordPress code, the WP support team was less bothered about this problem.
Once v4.7.1 was released, all the vulnerabilities were removed and the CMS remains unaffected by these technical issues. With v4.7.1, WordPress has become more safe and secure. According to the installation notes of v4.7.1, “no specific issue appears to affect the functioning of WordPress. All the plugins we investigated till now remain safe, and out of an abundance of caution we are officially updating PHPMailer in this latest release.”
Apart from rectifying the PHPMailer problem, v4.7.1 closed another loophole: information leakage from the REST API that exposed the user’s personal and financial data. Moreover, v4.7.1 also patches Cross-Site Scripting (XSS) vulnerabilities as well as a pair of Cross-Site Request Forgery (CSRF) flaws.
In this article, you will read about some major security updates that come with the latest version of WordPress, i.e. v4.7.1. It is a good idea to update your CMS software today and get rid of all these issues in a hassle-free manner.