WordPress 4.0.1 Security Release
Nov 20, 2014 - "WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately... WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site... This issue does not affect version 4.0, but version 4.0.1 does address these -eight- security issues..."
Nov 20 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 3.7.5, 3.8.5, 3.9.3, 4.0.1
Description: Several vulnerabilities were reported in WordPress. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote user can compromise a target user's account...
Solution: The vendor has issued a fix (3.7.5, 3.8.5, 3.9.3, 4.0.1).
The vendor's advisory is available at:
Edited by AplusWebMaster, 21 November 2014 - 04:05 AM.