If you have not done so yet, it’s time to upgrade your WordPress version to keep your website secure. A WordPress security update is now available — six vulnerabilities have been fixed in WordPress 4.7.3.
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
Read more details here.