WordPress 4.7.2 Update

WordPress 4.7.2 was released on January 26, 2017. Version 4.7.2 fixes several security issues.

Summary

1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.

Files revised

wp-admin/about.php
wp-admin/includes/class-wp-press-this.php
wp-admin/includes/class-wp-posts-list-table.php
wp-includes/version.php
wp-includes/class-wp-query.php
wp-includes/class-wp-comment.php
wp-includes/class-wp-term.php
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
wp-includes/class-wp-post.php
wp-includes/rest-api.php