Today WordPress released a CRITICAL SECURITY update in the form of WordPress 4.4.1. All customers are recommended to apply this fix as quickly as possible.
WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.
There were also several non-security bug fixes:
- Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji! 👍🏿👌🏽👏🏼
- Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
- If a post URL was ever re-used, the site could redirect to the wrong post.
WordPress 4.4.1 fixes 52 bugs from 4.4. For more information, see the release notes or consult the list of changes.
Download WordPress 4.4.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.