Version 4.6.6

On 16 May 2017, WordPress 4.6.6 was released to the public.

Installation/Update Information

To download WordPress 4.6.6, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the WordPress 4.7.5 release post: WordPress versions 4.7.4 and earlier are affected by six security issues:

  1. Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  2. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
  3. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
  4. A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

List of Files Revised

wp-admin/about.php
wp-admin/includes/file.php
wp-admin/customize.php
wp-admin/js/customize-controls.js
wp-admin/js/updates.js
wp-admin/js/customize-controls.min.js
wp-admin/js/updates.min.js
wp-includes/class-wp-customize-manager.php
wp-includes/class-http.php
wp-includes/js/plupload/handlers.js
wp-includes/js/plupload/handlers.min.js
wp-includes/class-wp-xmlrpc-server.php
wp-includes/version.php
readme.html

First published

Last updated