WordPress 4.4.1 Patches XSS Security Vulnerability

WordPress 4.4.1 is available for download and includes 52 fixes, one of which patches a cross site scripting vulnerability reported by Crtc4L. This release address two severe bugs and updates the polyfill used for emoji to support Unicode 8. Support for Unicode 8 adds new diversity emoji to WordPress.

Other notable changes include the removal of Rdio embed support, plugins failing to update after WordPress 4.4 is installed, and a handful of changes to responsive images. Sites configured to receive automatic updates should update within 24 hours. Since 4.4.1 is a security release, you should initiate the update process as soon as possible.

A total of 36 people contributed to this release. If you encounter problems after updating, please create a new thread in the WordPress.org support forums where volunteers are standing by to help out.


5 responses to “WordPress 4.4.1 Patches XSS Security Vulnerability”

  1. If I got it right, that is one of the least important security fixes, basically protects you from bad themes which can do so much damage in other ways, so I would say that people should not rush and test the update before going live with it.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: