Version 4.7.18

On June 10, 2020, WordPress 4.7.18 was released to the public.

Installation/Update Information

To download WordPress 4.7.18, visit WordPress releases archive.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

Security updates

Five security issues affect WordPress versions 5.4 and earlier.

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect()
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation

List of Files Revised

wp-admin/themes.php
wp-admin/includes/misc.php
wp-admin/includes/media.php
wp-includes/comment-template.php
wp-includes/comment.php
wp-includes/default-filters.php
wp-includes/embed.php
wp-includes/pluggable.php
wp-includes/version.php

First published

Last updated