WordPress latest version, 4.4.2, fixes a handful of bugs and vulnerabilities in the content management system. The update pushed out on Tuesday addresses two main issues. An attacker could have potentially carried out a server-side request forgery (SSRF) attack that could have made it appear that the server was sending certain requests, possibly bypassing access controls. It s the second update for the CMS in 2016 following a XSS vulnerability and was released in early January.
Source: https://threatpost.com/wordpress-update-fixes-ssrf-open-redirect-vulnerability/116128/