WordPress 4.4 “Clifford” was released in December of 2015, and in the two months since, WordPress has release 2 major security updates. The second major release, 4.4.2, fixes several bugs and if you haven’t updated, you should. Here’s why:
READ MORE // How To: Install WordPress Locally
4.4.2 adresses two major security issues and 19 bugs.
The first major issue, a so-called Open Redirection Attack, lets an attacker send a visitor to any WordPress site via a URL that contains a redirect, sending them to a different site. This sort of issue is usually seen in phishing attacks.
The other issue, a Server Side Request Forgery (SSRF) lets an attack access the server your WordPress is installed on. 4.4.2 fixes both issues.
There are a few non-security bugs that have also been fixed and for the full list, click here.
These two security issues have been addressed in the update, but now that they have been addressed previously unaware hackers can now use that route for every version before 4.4.2. Always stay up to date.