Automattic has identified four security issues which could potentially be exploited as part of a multi-vector attack. These issues have been patched in WordPress version 4.9.1.
Security Risk: Medium
- Update immediately to 4.9.1
- It is recommended that automatic updates be enabled on WordPress sites
WordPress websites and blogs hosted by CTLT
If your WordPress website is hosted by CTLT cms.ubc.ca, or your blog is hosted on blogs.ubc.ca, CTLT has addressed the upgrade already.
If you have any questions, please contact firstname.lastname@example.org