The following notification pertains to clients utilizing WordPress.
WordPress.org has announced WordPress 4.0.1 Security Release as a critical security release for all previous versions and are strongly encouraging to update sites immediately. WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. The issue does not affect version 4.0.
Sites that support automatic background updates will be updated automatically. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5. Older versions are not supported so it recommended to update to 4.0.1 for the latest updates.
If automatic updates are disabled then you will need to manually perform the update.
Additional information is available from WordPress.org: