WordPress 4.7.2 Fixes Critical Vulnerabilities

WordPress receives additional security improvements with WordPress 4.7.2. This is a security release that includes fixes for 3 critical vulnerabilities and improvements for WordPress 4.7.1 and lower and is recommended for all WordPress users.

As always, Managed WordPress websites will be updated by 1&1 automatically. If you have installed WordPress yourself or use a standard installation from the 1&1 App Center, you can update to 4.7.2 from your WordPress Dashboard.  Select Updates and click Update Now.

If you prefer to update manually, you can download WordPress 4.7.2 here.

What’s new in WordPress 4.7.2?

For a complete list of all bug fixes and improvements please see the official WordPress 4.7.2 release notes.

You might also like

Please rate this post :

19 thoughts on “WordPress 4.7.2 Fixes Critical Vulnerabilities

  1. bev cornish says:

    Hi the update is failing with this error:

    Warning: copy(/homepages/30/d574721670/htdocs/app574722482/wp-admin/includes/update-core.php): failed to open stream: Permission denied in /homepages/30/d574721670/htdocs/app574722482/wp-admin/includes/class-wp-filesystem-direct.php on line 257
    The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

    How does fix this?

    I have not made any technical changes at all to the web site

    1. 1and1help says:

      Hi,

      the update to 4.7.2 will be rolled out by us to your installation very soon. In Managed WordPress you shouldn’t be able to do this manually at all. That’s our fault and we are very sorry! Will be fixed with the upcoming auto-update.

      Best regards,
      Michael, 1&1

  2. andrea says:

    Hi,
    after update to 4.7.2 in managed (or in a new managed installation) It’s impossible to upload any file (plugin or theme) also of 2MB!!

    The uploaded file exceeds the upload_max_filesize directive in php.ini.

    I called the service, but was told that the managed no longer be supported and that I must necessarily change with the standard.

    it seems absurd!

    1. 1and1help says:

      Hi andrea,

      thanks for letting us know! Our technicians are already investigating the issue and will fix it soon.

      Best regards,
      Michael, 1&1

  3. Eric says:

    Is this issue resolved. I’m about to become a new customer of 1&1 for the Managed WordPress Plus and the issue mentionned in this thread is really bugging me. I’m not sure if choosing 1&1 is the best thing for me.

    Those type of problems should be handle right away not 24hours later. This kind of delay can easily break some trust that I have with current customers of mine.

    Let me know how it goes.

    Thanks

    Eric

    1. 1and1help says:

      Hi Eric,

      thanks for your comment. Yes, the issue is resolved.

      Best regards,
      Michael, 1&1

  4. All my websites were updated to 4.7.2 and now none of them work and I am unable to fix the file mentioned in the error message because I do not have permission. Please fix your 4.7.2 rollout that broke all of my sites! Thank you.

    1. 1and1help says:

      Hi Jesse Nietzer,

      so sorry for the problems caused by our update.

      Our developers are rolling out a bugfix right now. Should be fixed in the next hours.

      Please let me know by the end of today (or whenever you have the time), if everything works fine again for you.

      Thanks,
      Michael, 1&1

  5. Kim Hornby says:

    Today I tried to access our website and got the following error: Warning: include_once(/homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/classes/cp-base-class.inc.php): failed to open stream: No such file or directory in /homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-multi-view-calendar.php on line 17

    Warning: include_once(): Failed opening ‘/homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/classes/cp-base-class.inc.php’ for inclusion (include_path=’.:/usr/lib/php7.0′) in /homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-multi-view-calendar.php on line 17

    Warning: include_once(/homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-main-class.inc.php): failed to open stream: No such file or directory in /homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-multi-view-calendar.php on line 18

    Warning: include_once(): Failed opening ‘/homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-main-class.inc.php’ for inclusion (include_path=’.:/usr/lib/php7.0′) in /homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-multi-view-calendar.php on line 18

    Fatal error: Uncaught Error: Class ‘CP_MultiViewCalendar’ not found in /homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-multi-view-calendar.php:20 Stack trace: #0 /homepages/35/d652293248/htdocs/app652293372/wp-settings.php(304): include_once() #1 /homepages/35/d652293248/htdocs/app652293372/wp-config.php(58): require_once(‘/homepages/35/d…’) #2 /homepages/35/d652293248/htdocs/app652293372/wp-load.php(37): require_once(‘/homepages/35/d…’) #3 /homepages/35/d652293248/htdocs/app652293372/wp-blog-header.php(13): require_once(‘/homepages/35/d…’) #4 /homepages/35/d652293248/htdocs/app652293372/index.php(17): require(‘/homepages/35/d…’) #5 {main} thrown in /homepages/35/d652293248/htdocs/app652293372/wp-content/plugins/cp-multi-view-calendar/cp-multi-view-calendar.php on line 20

    1. 1and1help says:

      Hi Kim,

      sorry for the late response.

      Seems that the plugin cp-multi-view-calendar does not work properly with 4.7.2.

      We deactivated the plugin for you, your website is back online & you can access your admin area again.

      Please ask the plugin developers for a maybe update for 4.7.2. Then install the plugin newly. Alternatively you might find a different calendar plugin which does not force these kinds of problems.

      Regards,
      Michael, 1&1

      1. Kim Hornby says:

        Thank you. I suspected it was the plugin but could not get to it to deactivate it

  6. bev cornish says:

    As of just now the update is STILL FAILING with the same error message.

    Come on 1&1 how long does it take to fix this?

    How do I raise a formal support ticket?

    1. 1and1help says:

      Hi,

      so sorry for the long waiting time. As I can see in our system, you are now updated to 4.7.2.

      Again, i am deeply sorry for the delay!

      Best regards,
      Michael, 1&1

  7. Kim Hornby says:

    Since the update, I cannot access my website nor the admin page. There are just error messages. Please fix this now

  8. Chan Zilla says:

    I am getting same error message as everyone else, posted below. I’m late to the game bc I’ve been out on a back injury, and just now able to get up and do somethings online, when I discovered the problem with my own personal site. Can I get this resolved here, or should I open a ticket? As per the other comments, I suspect my issue may be related to an plug-in that didn’t like any updates.

    Warning: require_once(/homepages/2/d585968601/htdocs/clickandbuilds/ChanzillaWP/wp-includes/cache.php): failed to open stream: Permission denied in /homepages/2/d585968601/htdocs/clickandbuilds/ChanzillaWP/wp-includes/load.php on line 466

    Fatal error: require_once(): Failed opening required ‘/homepages/2/d585968601/htdocs/clickandbuilds/ChanzillaWP/wp-includes/cache.php’ (include_path=’.:/usr/lib/php7.1′) in /homepages/2/d585968601/htdocs/clickandbuilds/ChanzillaWP/wp-includes/load.php on line 466

    1. 1and1help says:

      Hi Chan Zilla,

      1) Did you try to deactivate your plugins and re-activate them one by another to investigate which one might break your installation? You should try this first.

      2) Does this error appear only with the current PHP version? what happens if you change to PHP 5.6 or 7.0?

      Best regards,
      Michael, 1&1

      1. Chan Zilla says:

        I can’t access the control panel bc I can’t get any pages to load. I did try PHP 5.6, 7, and 7.1, didn’t make a difference. I’m sure it’s a plug-in, but I can’t access my WP admin, all pages crash with the error I gave in my post.

        1. 1and1help says:

          Then you should re-name all plugin folders on your webspace via (S)FTP: https://community.1and1.com/deactivating-all-wordpress-plugins-locked-out-wp-admin/

          Best regards,
          Michael, 1&1

Leave a Reply

Your email address will not be published. Required fields are marked *