A critical cross-site scripting (XSS) vulnerability in WordPress 4.4 and earlier versions has been addressed in a new WordPress version: 4.4.1.
Since this is a security release, anyone who administers a WordPress site is strongly encouraged to install the update as soon as possible. If your WordPress site is configured for auto-updates, it may have been updated already, but you should check it to be sure.
WordPress 4.4.1 also fixes a few minor non-security bugs. In all, 52 bugs were addressed in the new version. The release notes provide additional details.
You can also see what’s changed in 4.4.1 on the WordPress bug tracking site. Happily, the page on the other end of that link shows only what’s changed in WordPress 4.4.1, which is a lot more useful than Mozilla’s approach for Firefox, which is to list all changes since the last major version. The WordPress change list is also a lot easier to navigate (and understand) than the equivalent list for Google Chrome.