WordPress 4.4.1 shipped today. The announcement says that Crtc4L reported that anything 4.4 or older could be “affected by a cross-site scripting vulnerability that could allow a site to be compromised.” Users are advised to update as soon as possible.
WordPress 4.4.1 addresses issues found in older versions of OpenSSL and includes updated emoji support. The update fixes 52 bugs discovered in WordPress 4.4. To see a full list of the fixes, check the Installation/Update information.
You can update your site directly on WordPress.org or in your WordPress dashboard.