WordPress has releases a security update that is available as WordPress 4.7.3.
This update includes fixes to some vulnerabilities that can impact WordPress sites running eCommerce plug-ins such as WooCommerce.
In short here are the most important security fixes:
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
As with any update, we strongly encourage you to update a test or staging site first to test to make sure your site is running well.
Of course a proper backup should be made prior to any update.
Check out the source link below for more information on this WordPress Security Update.
Let us know if you encountered any issues with updating to the WordPress 4.7.3. with any eCommerce plug-ins.