HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

4.7.2

WordPress Release: 4.7.2

Tag Name: 4.7.2

Release Date: 1/26/2017

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 4.7.2 is a security and maintenance release that addresses several important issues in the WordPress core. This update fixes a critical REST API vulnerability that could allow unauthorized users to modify content, improves query handling for post types with special characters, and enhances the user experience in the admin interface. The release also includes fixes for the Press This feature and post excerpt display in the list table.

Highlight of the Release

    • Fixed a critical REST API vulnerability that could allow unauthorized users to modify content
    • Improved query handling for post types with special characters
    • Enhanced Press This functionality by hiding Categories & Tags UI for users without term assignment permissions
    • Fixed post excerpt display in the Posts list table to match manually entered content
    • Unified object access handling in the REST API for better consistency

Migration Guide

No specific migration steps are required for this update. WordPress 4.7.2 is a maintenance and security release that should be applied as a standard update without any special migration procedures.

To update WordPress:

  1. Back up your website files and database before updating
  2. Use the automatic update feature in your WordPress dashboard
  3. Alternatively, download the update from wordpress.org and perform a manual update

No changes to themes, plugins, or custom code should be necessary as a result of this update.

Upgrade Recommendations

Immediate upgrade strongly recommended for all WordPress sites.

This release contains a critical security fix for the WordPress REST API that could allow unauthorized users to modify the content of posts. The vulnerability affects all sites running WordPress 4.7 and 4.7.1.

Due to the severity of this security issue, WordPress has taken the unusual step of working with web hosting companies to automatically update affected sites to WordPress 4.7.2. However, site owners should not rely on automatic updates and should manually verify their WordPress version is updated to 4.7.2 as soon as possible.

Bug Fixes

  • Query Handling: Fixed an issue where queries would not work correctly with post type names containing special characters.

  • Post Excerpts: Corrected the Posts list table to ensure excerpt output matches what was manually entered into the Excerpt field when using Excerpt mode.

  • Press This: Modified the Press This feature to hide Categories & Tags UI for users who do not have permissions to assign terms to posts.

  • REST API Object Fetching: Reverted to pre-4.7 behavior for fetching object instances by ID to fix inconsistencies in how the REST API retrieves posts and other objects (fixes issues introduced in [38381]).

New Features

No significant new features were introduced in this maintenance release. WordPress 4.7.2 focuses primarily on security fixes and bug corrections to improve the stability and security of the WordPress core.

Security Updates

  • REST API Vulnerability: Fixed a critical vulnerability in the WordPress REST API that could allow unauthorized users to modify the content of any post. This was the primary security issue addressed in this release and the main reason for the urgent update recommendation.

  • Object Access Handling: Unified object access handling in the REST API for improved security and consistency, preventing potential unauthorized access to protected content.

Performance Improvements

No specific performance improvements were highlighted in this release. The changes were primarily focused on security enhancements and bug fixes rather than performance optimizations.

Impact Summary

WordPress 4.7.2 is primarily a security release that addresses a critical vulnerability in the REST API that could allow unauthorized users to modify content on WordPress sites. This security issue affects all sites running WordPress 4.7 and 4.7.1, making this an essential update for all WordPress users.

The release also includes several bug fixes that improve the functionality of core WordPress features, including query handling for post types with special characters, proper display of post excerpts in the admin interface, and improvements to the Press This feature. Additionally, the update resolves inconsistencies in how the REST API fetches posts and other objects.

While this release doesn't introduce new features, it significantly enhances the security posture of WordPress sites and fixes several user experience issues that content creators and administrators may have encountered. The unified object access handling in the REST API also provides developers with a more consistent framework for building on the WordPress platform.

Statistics:

File Changed25
Line Additions439
Line Deletions313
Line Changes752
Total Commits9

User Affected:

  • Protected from unauthorized content modification through the REST API security fix
  • Improved management of posts with special characters in post type names
  • Better handling of post excerpts in the admin list tables

Contributors:

aaroncampbellocean90johnbillionboonebgorges