In response to a number of security issues recently discovered, WordPress has released a 4.0.1 update. This security release addresses potential risks for those running version 3.9.2 or earlier, as well as fixes for bugs found in WordPress version 4.0.
Some of the specific security issues addressed are:
- Cross scripting issues that could be used by an author or contributor to compromise a website
- Cross site request forgeries that can trick a user into changing their password
- Denial of service issues when passwords are checked
- More protections from server side forgery attacks
- If a password reset email is sent, but the user remembers their password then logs in and changes their email address, the links in the email are now invalidated
In addition, 23 bugs in WP version 4.0 have now been fixed.
If you’re set up for automatic updates, you probably already have the new 4.0.1 version installed. If not, then I strongly encourage you to upgrade as soon as possible.