1.1.4 is a security release to match the security changes in WordPress versions 5.4.2 and 4.9.15 (both released on June 10, 2020). It is available now.
If your ClassicPress site has automatic updates enabled (the default configuration), then the new version will be installed automatically. Otherwise, we strongly recommend applying this update from your site’s dashboard as soon as possible.
Security fixes since ClassicPress
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads
- Props to Simon Scannell of RIPS Technologies for finding an issue where
set-screen-optioncan be misused by plugins leading to privilege escalation
For more information about the security changes in this release, see the WordPress 4.9.15 release notes post.
Download this release
and follow the installation instructions.
|Existing WordPress sites||Download the migration plugin and follow the migration instructions.|
|Existing ClassicPress sites||Use the built-in update mechanism (more info).|
The full changelog is available on GitHub.