WordPress rolled out an auto-update to fix a critical cross side scripting flaw that could potentially harm any site out there. The WordPress 4.0.1 security fix also released 8 major security including three cross-site scripting issues found by their Security team.
The other issues included cross-site request forgery that could trick users to change their password. A much less likely of the security fix is hash-collision and a bizarre condition of the user has not logged in from 2008 has also been fixed.
With this new update, WordPress will now invalidate the email address if users change their email address.
For complete list, please visit, WordPress official blog.
Additionally, they also fixed 23 bugs over 4.0.