Version 4.4.4

On 21 June, 2016, WordPress 4.4.4 was released to the public.

Installation/Update Information

To download WordPress 4.4.4, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the WordPress 4.5.3 release notes, WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.

List of Files Revised

wp-admin/includes/ajax-actions.php
wp-admin/includes/class-wp-media-list-table.php
wp-admin/includes/post.php
wp-admin/about.php
wp-admin/revision.php
wp-includes/class-oembed.php
wp-includes/class-wp-customize-manager.php
wp-includes/default-filters.php
wp-includes/embed.php
wp-includes/formatting.php
wp-includes/pluggable.php
wp-includes/post-template.php
wp-includes/version.php
readme.html

First published

Last updated