WordPress 4.9.1 was released on November 29, 2017 and It is recommended that you update as soon as possible. It is recommended that you update as soon as possible because this release addresses four security issues.
On August 31, 2017, it was discovered that WooCommerce fixed a cross site scripting vulnerability in its popular ‘Product Vendors’ plugin—a premium WordPress plugin for WooCommerce used on 28% of all WooCommerce stores.
Update to 2.0.36 Immediately
The latest version of the ‘Product Vendors’ plugin is 2.0.40, but if you are using the older version 2.0.35 it is recommended you immediately update to 2.0.36. You can read more about this vulnerability on the Wordfence blog.
Maje Media Clients Not Affected
None of Maje Media’s maintenance clients were affected and if you are one of our maintenance clients, you can rest assured, we update client sites and plugins to the latest, most secure version.
If you are interested in having Maje Media take care of WordPress maintenance for you, please visit our pricing page to learn more about our maintenance services.