Automattic has identified four security issues which could potentially be exploited as part of a multi-vector attack. These issues have been patched in WordPress version 4.9.1.
Security Risk: Medium
Action:
- Update immediately to 4.9.1
- It is recommended that automatic updates be enabled on WordPress sites
WordPress websites and blogs hosted by CTLT
If your WordPress website is hosted by CTLT cms.ubc.ca, or your blog is hosted on blogs.ubc.ca, CTLT has addressed the upgrade already.
Additional Information
If you have any questions, please contact security@ubc.ca