WordPress 4.0.1 has been released and is available to download at wordpress.org. WordPress recommends people to update their sites which are based on earlier versions. The WordPress contributors claiming this version to be most secured till now. Version 3 is still in huge use and websites based on this version are more likely to affect by security threats. Versions from 3.0 to 3.9.2 were tested against vulnerability, and found most vulnerable, thanks to Jouko Pynnonen, CEO of Finnish IT company Klikki Oy.
Old versions are vulnerable
The exploit takes the administrative privileges over, and the actual admin does not get any clue, even. Further can happen, change in the user’s password, addition of new admin account, and plug-in editor can be used to write PHP code (by the attacker) on the server. You may know concerning details here.
Though this issue had been resolved in version 4.0, WordPress 4.0.1 has been made yet more secure by fixing 23 other bugs of 4.0 and thus, it is being called critical security release.
Most Admins are still on WordPress 3
As per statistics, 17.9% people are still using WordPress 3.0 followed by WordPress 3.5 with 16.1%users. Build 4.0 is expected to outgrow the earlier versions because stats have raised to 15.1% till now. Build 3.9 has share of 14.7% users.
Users are advised to upgrade to latest version for immunity of their CMS against vulnerability. Either download WordPress 4.0.1, or update from dashboard (Dashboard> Updates, clicking “update now”).