WordPress users are encouraged to update their sites immediately
The WordPress team has released version 4.4.1 of its popular CMS in order to fix a cross-site scripting vulnerability and several bugs. This update is live, and available for immediate download through your WordPress dashboard.
The WordPress Security Team emphasizes that “this is a security release
for all previous versions and we strongly encourage you to update your sites immediately” in its announcement
of the update. (Emphasis theirs.)
The update addressees a cross-site scripting vulnerability that could allow a malicious attacker to hijack a site.
According to an assessment by ThreatPost
and Aaron Jorbin, a WordPress core contributor: “The bug allows for compromise by a remote hacker.”
This update comes right on the heels of the 4.4 “Clifford” release
, which was named in honor of jazz trumpeter Clifford Brown. WordPress 4.4 added many new features and updates, including the new Twenty Sixteen theme, new post embeds, and the much awaited REST API, which was integrated into the core.
WordPress 4.4.1 also addresses 52 bugs within the core that were identified in the 4.4.x series.
WordPress 4.4.1 is available now. If you’d like to find out more information, you can see the official release notes here
. And if you’d like to dive deeper into the update, you can view the WordPress Codex post here
, and the 4.4.1 changelog list of closed tickets here
As always, if you have any questions about setting up your own site’s updates, don’t hesitate to call a member of our support team. And if you’d prefer to let us completely handle your site upgrade, we’ll be happy to help.
Update: Version 4.4.2 addresses two security issues found in 4.4.1
The recent 4.4.2 update addresses two security issues found in the 4.4.x series that were uncovered after the release of WordPress version 4.4.1. The WordPress security team said, "WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs ... and an open redirection attack."
In addition to those issues, version 4.4.2 also fixes 17 bugs found in the 4.4.x series.
Works Cited / For Further Reading:
WordPress 4.4.1 update resolves XSS vulnerability. (ThreatPost
WordPress 4.4.2 security and maintenance release. (WordPress.org