WordPress 4.7.3 is now available. This is a security release for all previous versions
What are the latest updates in WordPress?
  • Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrč Dale, Yorick Koster, and Simon P. Briggs.
  • Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
  • Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by xuliang.
  • Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc Montpas.
  • Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema.