WordPress 4.9.1 was released on November 29, 2017 and It is recommended that you update as soon as possible. It is recommended that you update as soon as possible because this release addresses four security issues.
Late yesterday WordPress announced the release of version 4.7.5; a security and maintenance release.
Wordfence stated: “We don’t have any data at this time on whether this release includes an additional security fix that is unannounced. But recent history indicates it is probably a good idea to update immediately.”
We agree with Wordfence’s sentiment considering the timing of the release (late in the workday US Time). If you have a WordPress site, we suggest you consider updating immediately.
We quickly worked to update all of our client sites to WordPress 4.7.5, to make sure their sites are on the most secure version of WordPress. Security updates like this are included in our Maintenance Services and could become more common in the future as the WordPress community works to reduce security threats.
When asked about the bug bounty program, Aaron Campbell, the WordPress Security Team Lead, said “Being an open source platform, WordPress has long understood the benefits of many people working together. One person will see things that another person will not. Extending the group of people working to make WordPress more secure just makes sense, and rewarding them for their hard work and responsible reporting lets them know they’re appreciated.”