{"id":12967014,"date":"2020-06-10T22:42:26","date_gmt":"2020-06-10T22:42:26","guid":{"rendered":"https:\/\/wordpress.org\/support\/?post_type=helphub_version&amp;p=12967014"},"modified":"2020-06-10T22:42:26","modified_gmt":"2020-06-10T22:42:26","slug":"version-4-7-18","status":"publish","type":"helphub_version","link":"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-4-7-18\/","title":{"rendered":"Version 4.7.18"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">On June 10, 2020, WordPress 4.7.18 was released to the public.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installation\/Update Information<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To download WordPress 4.7.18, visit <a href=\"https:\/\/wordpress.org\/download\/release-archive\/\">WordPress releases archive<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For step-by-step instructions on installing and updating WordPress:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/updating-wordpress\/\">Updating WordPress<\/a><\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If you are new to WordPress, we recommend that you begin with the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/new_to_wordpress_-_where_to_start\/\">New To WordPress \u2013 Where to Start<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/first-steps-with-wordpress\/\">First Steps With WordPress<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/wordpress.org\/documentation\/article\/upgrading-wordpress-extended-instructions\/\">Upgrading WordPress Extended<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/wordpress-lessons\/\">WordPress Lessons<\/a><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Security updates<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Five security issues affect WordPress versions 5.4 and earlier.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor<\/li><li>Props to Luigi \u2013 (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.<\/li><li>Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in&nbsp;<em>wp_validate_redirect()<\/em><\/li><li>Props to&nbsp;<a href=\"http:\/\/apapedulimu.click\/\">Nrimo Ing Pandum<\/a>&nbsp;for finding an authenticated XSS issue via theme uploads<\/li><li>Props to&nbsp;<a href=\"https:\/\/blog.ripstech.com\/authors\/simon-scannell\">Simon Scannell of RIPS Technologies<\/a>&nbsp;for finding an issue where&nbsp;<em>set-screen-option<\/em>&nbsp;can be misused by plugins leading to privilege escalation<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">List of Files Revised<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\">wp-admin\/themes.php\nwp-admin\/includes\/misc.php\nwp-admin\/includes\/media.php\nwp-includes\/comment-template.php\nwp-includes\/comment.php\nwp-includes\/default-filters.php\nwp-includes\/embed.php\nwp-includes\/pluggable.php\nwp-includes\/version.php<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On June 10, 2020, WordPress 4.7.18 was released to the public. Installation\/Update Information To download WordPress 4.7.18, visit WordPress releases archive. For step-by-step instructions on installing and updating WordPress: Updating WordPress If you are new to WordPress, we recommend that you begin with the following: New To WordPress \u2013 Where to Start First Steps With [&hellip;]<\/p>\n","protected":false},"author":8670591,"featured_media":0,"menu_order":0,"template":"","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false},"helphub_major_release":[49],"class_list":["post-12967014","helphub_version","type-helphub_version","status-publish","hentry","helphub_major_release-4_7"],"revision_note":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/12967014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions"}],"about":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/types\/helphub_version"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/users\/8670591"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/12967014\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/media?parent=12967014"}],"wp:term":[{"taxonomy":"helphub_major_release","embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/helphub_major_release?post=12967014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}