A cross-site scripting (XSS) flaw was found in WordPress: WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L. This issue was fixed in the 4.4.1 release. External References: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
This was fixed in Fedora and EPEL via: wordpress-4.4.1-1.fc22 wordpress-4.4.1-1.fc23 wordpress-4.4.1-1.fc24 wordpress-4.4.1-1.el6 wordpress-4.4.1-1.el7 wordpress-4.4.1-1.el5