“WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.
“Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:
- Taxonomy: Improve cache handling for term queries.
- Posts, Post Types: Clear post password cookie when logging out.
- Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
- Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.