Search Engine: Elastic

Article ID: 123632, created on Nov 21, 2014, last review on Jul 14, 2018

  • Applies to:
  • Plesk Automation


WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. For the details please check original post on Wordpress blog.


Update Wordpress installation to version 4.0.1:

  1. If Wordpress is installed as an APS application, go to Wesites > domain_name > Open in control panel > Applications > Manage My Applications and click on "Update avaliable" button, see screenshot:

    Note: New version availability is being checked by daily Maintenance Script in PPA. If you still does not see "Update avaliable" button please wait for Daily Maintenance script or run the following two commands from the Management Node:

    #/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsCache
    #/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsApplications
  2. If Wordpress is installed not through APS application vault, but manually, follow Wordpress upgrade guide.

e0aff7830fa22f92062ee4db78133079 caea8340e2d186a540518d08602aa065

Email subscription for changes to this article
Save as PDF