WordPress has recently rolled out a critical security release: WordPress 4.4.2. This security release addresses a few security fixes:
- WordPress versions 4.4 and earlier are vulnerable to a cross-site scripting vulnerability that could allow a site to be compromised
- Emoji support has been updated to include all of the latest emoji characters
- sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins
- If a post URL was ever re-used, the site could redirect to the wrong post
- 52 bug-fixes were also made
We strongly encourage all users to log into their sites to check if an update is required. Depending on the existing version of WordPress you have, your WordPress may have been automatically updated. If a manual update is needed, remember to perform a full site backup before updating your site. To update, log into the WordPress dashboard. Hit the “Update Now” button located on the top of the browser. For full details of the release, please visit this article from WordPress.org.