WordPress 4.4.2, a security and maintenance update for all versions, was released 2 days ago by WordPress.org. WordPress is recommending that everyone update their sites as soon as possible.
Version 4.4.2 addresses two security issues: a possible server-side request forgery (SSRF) vulnerability for certain local URLs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
With SSRF, an attacker gets the server itself to send requests on their behalf, which lets them bypass access controls, such as firewalls, and ultimately crash your system. An open redirect is a bit more straightforward: a link on a trusted site redirects visitors to an untrusted site, exposing them to phishing and other malicious activities.
In addition to the above-mentioned security issues, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes.
Download WordPress 4.4.2 or venture over to Dashboard > Updates and simply click Update Now. Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.