WordPress has released version 4.7.3 of its open source blogging and content management system (CMS). It includes six security patches and 39 bug fixes, including remedies for three cross-site scripting (XSS) flaws and a cross-site request forgery (CSRF) issue.
Security experts recommend that Web developers who use WordPress turn on automatic updates to make sure that their sites benefit from the patches. “The real risk is to those who have disabled automatic updates, or are unable to update due to miscellaneous technical failures that happen sometimes,” said Logan Kipp, product evangelist at web security firm SiteLock. “Without the patch, websites running WordPress 4.7.2 and earlier remain vulnerable to critical cross-site scripting (XSS) and cross-site request forgery (CSRF) exploitation.” He added, “Unfortunately, we see too many customers that assume updates and patches are completed when in reality they may not be and it’s realized too late.”