WordPress 4.4.1 Patches XSS Security Vulnerability

WordPress 4.4.1 is available for download and includes 52 fixes, one of which patches a cross site scripting vulnerability reported by Crtc4L. This release address two severe bugs and updates the polyfill used for emoji to support Unicode 8. Support for Unicode 8 adds new diversity emoji to WordPress.

Other notable changes include the removal of Rdio embed support, plugins failing to update after WordPress 4.4 is installed, and a handful of changes to responsive images. Sites configured to receive automatic updates should update within 24 hours. Since 4.4.1 is a security release, you should initiate the update process as soon as possible.

A total of 36 people contributed to this release. If you encounter problems after updating, please create a new thread in the WordPress.org support forums where volunteers are standing by to help out.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.


  1. I have updated my wordpress to 4.4.1 today and since then I am facing this issue of Comments not showing on the blog. I can see the comment count after the post but no comments after that..

    my site is couponsbin.net please take a look and help me out !


    1. Please create a thread on the support forums as you’re more likely to receive the help you need there.


  2. If I got it right, that is one of the least important security fixes, basically protects you from bad themes which can do so much damage in other ways, so I would say that people should not rush and test the update before going live with it.


  3. Thanks for the update. I have successfully update my WordPress. Didn’t find any problem so far.


Comments are closed.