WordPress 4.4.1 Patches XSS Security Vulnerability

WordPress 4.4.1 is available for download and includes 52 fixes, one of which patches a cross site scripting vulnerability reported by Crtc4L. This release address two severe bugs and updates the polyfill used for emoji to support Unicode 8. Support for Unicode 8 adds new diversity emoji to WordPress.

Other notable changes include the removal of Rdio embed support, plugins failing to update after WordPress 4.4 is installed, and a handful of changes to responsive images. Sites configured to receive automatic updates should update within 24 hours. Since 4.4.1 is a security release, you should initiate the update process as soon as possible.

A total of 36 people contributed to this release. If you encounter problems after updating, please create a new thread in the WordPress.org support forums where volunteers are standing by to help out.


  1. I have updated my wordpress to 4.4.1 today and since then I am facing this issue of Comments not showing on the blog. I can see the comment count after the post but no comments after that..

    my site is couponsbin.net please take a look and help me out !


    1. Please create a thread on the support forums as you’re more likely to receive the help you need there.


  2. If I got it right, that is one of the least important security fixes, basically protects you from bad themes which can do so much damage in other ways, so I would say that people should not rush and test the update before going live with it.


  3. Thanks for the update. I have successfully update my WordPress. Didn’t find any problem so far.


Comments are closed.