Title: Version 4.7.5
Author: Jb Audras
Published: January 15, 2019

---

# Version 4.7.5


From the [WordPress 4.7.5 release post](https://wordpress.org/news/2017/05/wordpress-4-7-5/):

WordPress versions 4.7.4 and earlier are affected by six security issues:

 1. Insufficient redirect validation in the HTTP class. Reported by [Ronni Skansing](https://dk.linkedin.com/in/ronni-skansing-36143b65).
 2. Improper handling of post meta data values in the XML-RPC API. Reported by [Sam Thomas](https://hackerone.com/jazzy2fives).
 3. Lack of capability checks for post meta data in the XML-RPC API. Reported by [Ben Bidner](https://profiles.wordpress.org/vortfu/)
    of the WordPress Security Team.
 4. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem
    credentials dialog. Reported by [Yorick Koster](https://twitter.com/yorickkoster).
 5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload
    very large files. Reported by [Ronni Skansing](https://dk.linkedin.com/in/ronni-skansing-36143b65).
 6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
    Reported by [Weston Ruter](https://profiles.wordpress.org/westonruter/) of the 
    WordPress Security Team.

In addition to the security issues above, WordPress 4.7.5 contains four maintenance
fixes to the 4.7 release series.

Administration

 * [#40056](https://core.trac.wordpress.org/ticket/40056) – Shift-click to select
   a range of checkboxes isn’t working anymore since 4.7.3 update

Build/Test Tools

 * [#40002](https://core.trac.wordpress.org/ticket/40002) – Bump Akismet External
   – 4.7.x/4.8 Edition

REST API

 * [#39683](https://core.trac.wordpress.org/ticket/39683) – REST API JS Client: 
   Should enable connecting to multiple endpoints at the same time

Taxonomy

 * [#40496](https://core.trac.wordpress.org/ticket/40496) – get_the_terms() doesn’t
   respect register_taxonomy()’s ‘orderby’ => ‘term_order’

## List of Files Revised

```
wp-admin/includes/file.php
wp-admin/js/common.js
wp-admin/js/common.min.js
wp-admin/js/customize-controls.js
wp-admin/js/customize-controls.min.js
wp-admin/js/updates.js
wp-admin/js/updates.min.js
wp-admin/about.php
wp-admin/customize.php
wp-content/plugins/akismet/_inc/img/logo-full-2x.png
wp-content/plugins/akismet/_inc/akismet.css
wp-content/plugins/akismet/_inc/akismet.js
wp-content/plugins/akismet/akismet.php
wp-content/plugins/akismet/class.akismet.php
wp-content/plugins/akismet/readme.txt
wp-includes/js/plupload/handlers.js
wp-includes/js/plupload/handlers.min.js
wp-includes/js/wp-api.js
wp-includes/js/wp-api.min.js
wp-includes/class-http.php
wp-includes/class-wp-customize-manager.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/taxonomy.php
wp-includes/version.php
```
