Version 4.0.18

This page redirects to an external site: https://wordpress.org/support/wordpress-version/version-4-0-18/

On 16 May 2017, WordPress 4.0.18 was released to the public.

See also: other WordPress Versions.

Installation/Update Information

To download WordPress 4.0.18, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:


Summary

From the WordPress 4.7.5 release post: WordPress versions 4.7.4 and earlier are affected by six security issues:

  1. Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  2. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
  3. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
  4. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

List of Files Revised

wp-includes/class-wp-customize-manager.php
wp-includes/version.php
wp-includes/js/plupload/handlers.js
wp-includes/js/plupload/handlers.min.js
wp-includes/class-wp-xmlrpc-server.php
readme.html
wp-admin/customize.php
wp-admin/includes/file.php
wp-admin/about.php
wp-admin/js/customize-controls.min.js
wp-admin/js/customize-controls.js