WordPress 4.4.1 Updates for XSS (and 52 other issues)

The first WordPress update of 2016 is out and like many other incremental updates, it is being triggered by a security vulnerability. The single security issue being patched in WordPress 4.4.1 is a cross site scripting vulnerability that could have potentially enabled a site compromised.wordpress

From a general usability and bug perspective there are 52 bugs that WordPress developers are addressing in the 4.4.1 update that spans multiple area of the popular open-source content management system including:


    34987 “Configure” link for dashboard widgets no longer displayed.
    35047 Notices are not moved to first header when header-elements are nested inside .wrap
    35057 bug in new default_hidden_columns filter
    35112 Screen Options in Appearance -> Menu not saved correctly sometimes


    34967 SHORTINIT and date_i18n: Call to undefined function _x()
    35013 WP4.4 function handle_404 yelds a fatal error on line 613 when trying to clone $wp_query->post if it’s not an object

Build/Test tools

    30787 Shrinkwrap NPM dependencies

Bundled Theme

    35270 Bump twentysixteen for 4.4.1


    34890 Canonical meta tag for paginated posts incorrect with ugly permalinks


    34946 new comment redirects break anchors in Safari
    34997 preprocess_comment filter does not contain old user_ID field for user_id, instead it has new user_id field
    35006 Comments sent immediately to Trash for matching keyword blacklist should not generate email notifications
    35025 Performance regression in comments_template in 4.4
    35068 Comments not showing up when there are unapproved messages
    35175 Page parameter no longer works in wp_list_comments


    35081 Missing Change Theme button when there are only two themes available


    35152 Remove Rdio embed support
    35194 Remove embed discovery tags from HTML header of static home pages
    35237 Invalid argument supplied for foreach() in /wp-includes/embed-template.php on line 54


    33592 Unicode 8.0 Emoji

External Libraries

    34948 Update random_compat for “Don’t instantiate COM if it’s a disabled class”

Filesystem API

    34976 Plug ins fail to update after WP 4.4 installed


    35008 Ampersands in URLs are no longer converted to entities
    35058 PHP Fatal when map_deep tries to work on an object that has a property by reference


    34935 Removed SSL certificates causing errors in WP 4.4


    35215 Setting help tab priorities fails to correctly order the tabs


    34925 4.4 wp-login.php: no longer possible to use the login_post scheme
    35103 login_url Filter is now applied to Login Form Action Attribute


    35212 Update PHPMailer to 5.2.14


    35045 Responsive images not added when effective scheme differs from image src scheme
    35101 image_default_link_type option not being respected
    35102 Responsive images support for external URLs
    35106 Responsive images break uploads with full path stored in metadata
    35108 Responsive images blurry – srcset attribute doesn’t include full size version
    35153 Default link target for media files is none


    34446 WordPress Notice after add support for post type archives in menu
    34449 Remove CPT if exists menu item
    35107 wp_nav_menu outputs tags without line breaks in 4.4, causes strange bug with justified text


    35084 check for post status in get_page_uri causes issues with permalinks


    35031 wp_old_slug_redirect() in 4.4 redirecting existing posts
    35115 404 error when URL includes title=…


    34939 Shortcode regex no longer matches [shortcode=XXX]


    34723 Warning in get_the_terms() because of non-array
    35089 Query var on non-public taxonomy remains boolean true since [35333]
    35137 get_terms() with a meta_query filter returns duplicated terms
    35156 wp_list_categories() does not accept comma-separated IDs for exclude_tree parameter
    35180 In WordPress 4.4 the_tags() is displaying tags ordered by ID instead of alphabetically by name


    34962 Issues with wp_get_document_title function causing problems with document titles


    34993 Deleting a user no longer asks what to do with their content


    34978 Extra quotes in title in WP_Widget_RSS class, widget method
    34995 WP_Widget::widget not called


    35053 XML-RPC when post with date_created_gmt, its post_date will gmt date not local date
    35185 Unable to create Post via XMLRPC after upgrading to 4.4

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

News Around the Web