Two weeks ago WordPress 4.7.2 was released, and website administrators running self-hosted versions of the hugely popular CMS and blogging platform were advised to update their systems as a matter of urgency.
What we didn’t know at the time was just how important that WordPress update was.
Last week, WordPress revealed that 4.7.2 had secretly included a fix for an undisclosed critical vulnerability.
If left unpatched, the vulnerability could allow a malicious attacker to modify the content of any post or page on a WordPress site.
The reason the vulnerability wasn’t made public at the time of WordPress 4.7.2’s release was the very real worry that malicious hackers might race to exploit the flaw, attacking millions of blogs and company websites.