On 26 Jan, 2017, WordPress 4.0.15 was released to the public.
Installation/Update Information
To download WordPress 4.0.15, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the WordPress 4.7.2 release post: WordPress versions 4.7.1 and earlier are affected by three security issues:
- The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
WP_Query
is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda(batmoo).- A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
List of Files Revised
wp-admin/includes/class-wp-posts-list-table.php wp-admin/press-this.php wp-admin/about.php wp-includes/version.php wp-includes/query.php readme.html