A high-severity Cross-site scripting (XSS) vulnerability has been fixed in WordPress’ new 4.4.1 release that is now available for download. In addition to the XSS vulnerability reported by security researcher ‘Crtc4L’, the release includes 51 other non-security bug-fixes.

WordPress sites configured to receive automatic updates should be updated within 24 hours automatically, otherwise, ensure that you upgrade to the WordPress 4.4.1 security release as soon as possible.

Acunetix WVS and Acunetix OVS have been updated to detect this vulnerability. Acunetix identifies WordPress installations, and will launch version specific WordPress security checks to ensure your website is secure. Acunetix WVS will notify you of new patch updates upon start-up, prompting you to install them. If you are using a previous version of Acunetix WVS, you will need to update to the latest version. Acunetix OVS updates are rolled out automatically and do not require any user action.

View the official WordPress announcement and proceed to update here.

Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.