WordPress fixed six vulnerabilities with version 4.7.5. Update resolves six issues in total, including a pair of cross-site scripting bugs and a CSRF bug that s existed for 10 months. Update comes a day after WordPress announced it had launched a bug bounty program on HackerOne. The program has awarded $3,700 in bounties to seven reporters so far, according to security team lead Aaron D. Campbell, who said it was always the intent to make it public but it didn t come easy.
Source: https://threatpost.com/wordpress-fixes-csrf-xss-bugs-announces-bug-bounty-program/125777/