The 4.7.3 update fixes important secuirity issues that 4.7.2 and previous updates still didn’t manage to fix completely.
Of course they suggest to install the update immediately and. as WordPress users ourselves, we can’t help but strongly suggest you to do that.
So, if your website uses WordPress as a Content Management System (CMS), you should backup your website and update WordPress Core to the latest version.
To backup your website is always important, especially before installing Core updates, so to prevent issues. Also, if your website has Plugins installed, these may not always be 100% compatible with the new version which can lead to your website becoming broken or unbrowsable.
What does WordPress 4.7.3 update fix?
Being an open source, heavily community-reliant CMS, WordPress updates are usually based on the huge amount of feedback coming from its huge user base (WordPress 4.7 has been downloaded over 17 million times).
This is a short list of the main bugs that the 4.7.3 update fixes, along with a brief explanation, where needed:
- Cross-site scripting (XSS) via media file metadata.
XSS is a kind of vulnerability used to bypass websites’ access controls.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
CSRF is a type of malicious website exploit where unauthorized commands are transmitted from a user that the website trusts.
There are other 39 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.7.3 directly from their website.
We are available to chat with you over these and other WordPress-related issues anytime. Contact us!