WordPress just released a late-cycle security update for version 4.0. This update fixes several light potential issues including admin-side cross-site scripting. None of these issues are extremely urgent, but it’s worth it to update your installation if you’re on 4.0 already.
The Problems:
The main issue is a series of admin-side cross-site scripting vulnerabilities that would require someone to already have an author account on your website to exploit. Basically, this applies to almost no one but it’s good to lock it down anyway. The other issues involve several password exploitation issues. None of these issues are likely to affect most business owners.
Should You Update?
The only issue that anyone has run into so far is issues with shortcodes that are incorrectly created by a plugin – however, we haven’t seen any issues with our clients and this problem yet. If you are already on WP 4.0 then hit update with no fear – the update shouldn’t break any functionality on your site. If you are on an older version of WP, contact us and we can handle the update and ensure that no functionality is broken in the process.