WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. For the details please check original post on Wordpress blog.
Update Wordpress installation to version 4.0.1:
If Wordpress is installed as an APS application, go to Wesites > domain_name > Open in control panel > Applications > Manage My Applications and click on "Update avaliable" button, see screenshot:
Note: New version availability is being checked by daily Maintenance Script in PPA. If you still does not see "Update avaliable" button please wait for Daily Maintenance script or run the following two commands from the Management Node:
#/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsCache #/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsApplications
- If Wordpress is installed not through APS application vault, but manually, follow Wordpress upgrade guide.