WordPress has fixed a critical vulnerability in versions 4.9.6 and earlier. The latest release, WordPress 4.9.7, includes further security and maintenance improvements.
According to the WordPress development team, versions 4.9.6 and earlier are affected by a media vulnerability that can allow users with specific privileges to delete files outside the uploads directory.
The vulnerability was originally discovered by a cybersecurity researcher on the HackerOne bug bounty platform. Along with this, WordPress 4.9.7 includes fixes for 17 more bugs.
In particular, WordPress highlighted five noteworthy updates, including improved cache handling for term queries and clearing post password cookies at log out.
Further, widgets will now allow basic HTML tags in sidebar descriptions on the Widgets admin screen. The Community Events Dashboard will now display the nearest WordCamp if one is coming up.
WordPress releases new versions on a regular basis to fix bugs, add new features, and modernize the experience. However, a report suggested that around half of WordPress sites don’t use the latest version of WordPress.
As the most used platform for building websites, WordPress is also the platform most commonly attacked by hackers. Not updating WordPress to the latest version can lead to a site being hacked.
WordPress strongly recommends that its users update to the latest version. Venture over to the Dashboard, visit Updates and click Update Now. Sites that support automatic background updates will update automatically.
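For administrators who run several sites on one host, the following added example (not code from WordPress or from this article) walks a directory tree, reads `$wp_version` from each `wp-includes/version.php`, and flags installs older than 4.9.7. It assumes, as the article states, that every version below 4.9.7 is affected; the install names and temporary paths in the demo are constructed.

```python
import os
import re
import tempfile

FIXED = (4, 9, 7)  # first release with the fix, per the article
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)


def parse_wp_version(php_source):
    """Return the $wp_version string from wp-includes/version.php, or None."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None


def version_tuple(version):
    """'4.9' -> (4, 9, 0); suffixes such as '-beta1' are ignored."""
    nums = re.match(r"\d+(?:\.\d+)*", version)
    if not nums:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in nums.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    # Assumption: anything below 4.9.7 is affected; branch backports are not considered.
    return version_tuple(version) < FIXED


def audit(root):
    """Return sorted (install_dir, version, affected) for each WordPress tree under root."""
    results = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_wp_version(fh.read())
            if version:
                results.append((os.path.dirname(dirpath), version, is_affected(version)))
    return sorted(results)


def make_install(root, name, version):  # builds a constructed sample install
    inc = os.path.join(root, name, "wp-includes")
    os.makedirs(inc)
    with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
        fh.write(f"<?php\n$wp_version = '{version}';\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed demo tree
        for name, ver in [("blog", "4.9.6"), ("shop", "4.9.7"), ("old", "4.8")]:
            make_install(root, name, ver)
        for path, ver, bad in audit(root):
            print(f"{os.path.basename(path):5} {ver:6} {'UPDATE NEEDED' if bad else 'ok'}")
```

Point `audit()` at the real web root (for example the directory that holds all virtual hosts) to get the list of installs that still need the update.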