WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. For details please check original post on Wordpress blog.
Update Wordpress installation to version 4.1.2 or later:
- If Wordpress is installed as an Plesk application, go to Subscriptions > domain_name > Applications > Manage My Applications and click on "Update avaliable" button, see screenshot:
**Note:** New version availability is being checked by daily Maintenance Script in Plesk. If you still does not see **"Update avaliable"** button please wait for Daily Maintenance script or run the following two commands: #/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsCache #/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsApplications
- If Wordpress is installed not through Plesk application vault, but manually, follow Wordpress upgrade guide.