The WordPress blogging software package has been updated to 4.0.1. In addition to bug fixes, this maintenance release fixes critical security issues that could let an authenticated user potentially compromise a site via cross-site scripting. If you maintain a WordPress installation, please update it soon.
Note that for earlier 3.x versions of WordPress, the cross-site scripting vulnerability allows for an unauthenticated user to potentially compromise a site, so updating to the most recent version (3.9.3, 3.8.5, or 3.7.5) should be completed, if you are unable to upgrade to version 4.0.1.
For more information, see http://wordpress.org/news/2014/11/wordpress-4-0-1/