Title: Version 3.7.19
Published: May 19, 2019

---

# Version 3.7.19

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-7-19/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-3-7-19/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-7-19/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-3-7-19/?output_format=md#wp--skip-link--target)

On March 6, 2017, WordPress 3.7.19 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-7-19/?output_format=md#installation-update-information)󠁿

To download WordPress 3.7.19, update automatically from the Dashboard > Updates 
menu in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-3-7-19/?output_format=md#summary)󠁿

From the [WordPress 4.7.3 release post](https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/):
WordPress versions 4.7.2 and earlier are affected by six security issues:

 1. Cross-site scripting (XSS) via media file metadata. Reported by [Chris Andrè Dale](https://www.securesolutions.no/),
    [Yorick Koster](https://twitter.com/yorickkoster), and Simon P. Briggs.
 2. Control characters can trick redirect URL validation. Reported by [Daniel Chatfield](http://www.danielchatfield.com/).
 3. Unintended files can be deleted by administrators using the plugin deletion functionality.
    Reported by [xuliang](http://b.360.cn/).
 4. Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by [Marc Montpas](https://twitter.com/marcs0h).
 5. Cross-site scripting (XSS) via taxonomy term names. Reported by [Delta](https://profiles.wordpress.org/deltamgm2/).
 6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server
    resources. Reported by Sipke Mellema.

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-7-19/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    readme.html wp-admin/includes/media.php wp-admin/plugins.php wp-admin/about.php wp-includes/version.php wp-includes/pluggable.php
    ```

First published

May 19, 2019

Last updated