WordPress.org

Codex

Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 3.9.4

On April 21, 2015, WordPress 3.9.4 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 3.9.4, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post:

  • A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
  • Files with invalid or unsafe names could be upload.
  • Some plugins are vulnerable to an SQL injection attack.
  • A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
  • Four hardening changes, including better validation of post titles within the Dashboard.

List of Files Revised

license.txt
readme.html
wp-admin/includes/class-wp-comments-list-table.php
wp-admin/includes/dashboard.php
wp-admin/includes/post.php
wp-admin/includes/template.php
wp-admin/js/nav-menu.js
wp-includes/capabilities.php
wp-includes/class-wp-editor.php
wp-includes/formatting.php
wp-includes/js/plupload/plupload.flash.swf
wp-includes/version.php
wp-includes/wp-db.php
See also: other WordPress Versions.