WordPress has announced the latest security release WordPress 4.4.2 and they recommend that you should update the WordPress 4.4.1 to 4.4.2 immediately.
According to the announcement, last version of WordPress 4.4.1 was affected by two major issues
- A possible SSRF for certain local URIs, If your web application running on a public server is vulnerable to SSRF (Server Side Request Forgery), than attackers can bypass the firewall and crash your system.
- An open redirection attack, means it would take any trusted site and will redirect users to any untrusted site or a phishing scam.
With these two major bugs, there are around 17 more bugs found in 4.4.1 which were fixed in release 4.4.2 .
Download or Navigate over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2 .