Title: Version 4.0.2
Author: Subrata Sarkar
Published: March 13, 2019

---

# Version 4.0.2

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-0-2/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-4-0-2/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-0-2/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-4-0-2/?output_format=md#wp--skip-link--target)

On April 20, 2015, WordPress 4.0.2 was released to the public. This is a security
update for all previous WordPress versions.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-0-2/?output_format=md#installation-update-information)󠁿

To download WordPress 4.0.2, update automatically from the Dashboard > Updates menu
in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 *  [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 *  [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/?output_format=md)
 *  [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/?output_format=md)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 *  [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/?output_format=md)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-4-0-2/?output_format=md#summary)󠁿

From the [announcement post](https://wordpress.org/news/2015/04/wordpress-4-1-2/):

 * A serious critical cross-site scripting vulnerability, which could enable anonymous
   users to compromise a site.
 * Files with invalid or unsafe names could be upload.
 * Some plugins are vulnerable to an SQL injection attack.
 * A very limited cross-site scripting vulnerability could be used as part of a 
   social engineering attack.
 * Four hardening changes, including better validation of post titles within the
   Dashboard.

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-0-2/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    license.txt
    readme.html
    wp-admin/includes/class-wp-comments-list-table.php
    wp-admin/includes/dashboard.php
    wp-admin/includes/post.php
    wp-admin/includes/template.php
    wp-admin/js/nav-menu.js
    wp-includes/capabilities.php
    wp-includes/class-wp-editor.php
    wp-includes/formatting.php
    wp-includes/js/plupload/plupload.flash.swf
    wp-includes/version.php
    wp-includes/wp-db.php
    ```

First published

March 13, 2019

Last updated