Version 4.0.6

On July 23, 2015, WordPress 4.0.6 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 4.0.6, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, WordPress 4.0.6 fixes a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site.

The release also fixes an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/includes/dashboard.php
wp-admin/post.php
wp-includes/capabilities.php
wp-includes/class-wp-embed.php
wp-includes/formatting.php
wp-includes/kses.php
wp-includes/shortcodes.php
wp-includes/version.php

First published

Last updated