Follow these instructions to update and secure your site.
- Back up your WordPress site by going to Dashboard > Tools > Export. This step is optional, but a good idea in case something goes wrong with the update.
- From your WordPress Dashboard, go to the Updates tab. Click the link to update to 4.0.1 and follow the instructions.
The following excerpt from Threatpost.com describes the nature of the vulnerability this update fixes.
WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software.
Jouko Pynnonen, a security researcher from Finland, yesterday posted some details on the Full Disclosure security mailing list, the same day WordPress released its update.