WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs and an open redirection attack.
In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes.
To update, simply click “Update Now” from your WordPress admin dashboard. Sites that support automatic background updates are already beginning to update to WordPress 4.4.2 but if your site has not yet updated then we suggest that you force an immediate update.
All WordPress users are reminded that they should ensure that all WordPress core, plugins and themes are updated as soon as an update is shown. If you use a theme or plugin that is not from the WordPress repository, then it is possible that updates will not be shown, in which case you should regularly check on the authors website whether an update is available. We are still seeing cases of sites being hacked because they are using commercial themes that have old versions of the revslider plugin integrated and when these have not been upgraded they are easily hacked.