Among the security updates in the 4.0.1 release are fixes for three cross-site scripting (XSS) vulnerabilities. An XSS vulnerability can potentially enable an attacker to inject malicious code in a trusted site. Passwords are always a target for attackers, and the WordPress 4.0.1 update includes a number of updates related to password security.
WordPress has provided incremental updates for the older WordPress release with 3.7.5, 3.85 and 3.9.3 update releases providing fixes for critical security issues.
Read the full story at eWEEK:
WordPress 4.0.1 Updates Millions of Sites for 8 Flaws
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.