Last week WordPress released version 4.9.7, a maintenance and security update. This update addresses a recently discovered security vulnerability, as well as 17 additional bug fixes. WordPress disclosed that versions 4.9.6 and earlier are affected by a security vulnerability that to delete files outside of the /wp-content/uploads directory. This could potentially allow users created by malware to delete files necessary to the core functionality of WordPress.
Additionally, several other bugs were addressed in the new release including:
- Improvements to Widget descriptions
- Clear post password cookies when logging out of WordPress
- Cache improvements
WordPress version 4.9.7 is available for download or upgrade through the WordPress dashboard now. Websites secured with SiteLock™ INFINITY® will have this security vulnerability patched on their next scan. However, in order to take advantage of all features and bug fixes, sites must be updated to the latest WordPress version.
If you would like to protect your WordPress site with automated malware removal, core CMS vulnerability patching, and customized database protection—contact SiteLock today at 855.378.6200 and ask about INFINITY.