From: NYS Information Security Officers Forum <No-Repl@ccny.cuny.edu>
Sent: Thursday, February 08, 2018 5:00 PM
To: Plesk Site Admins
Subject: NYS ITS CYBER SECURITY ADVISORY - A Bug in WordPress Update Disables Auto-Update Functionality - RISK -HIGH



 


Dear Plesk Web Hosting Site Admins, see advisory below:

From: NYS Information Security Officers Forum
Sent: Thursday, February 8, 2018 2:04 PM
To: NYSISO
Subject: NYS ITS CYBER SECURITY ADVISORY - A Bug in WordPress Update Disables Auto-Update Functionality - RISK: HIGH
Importance: High

NEW YORK STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES CYBER SECURITY ADVISORY

ITS ADVISORY NUMBER: 
2018-019

DATE(S) ISSUED:
February 8, 2018

SUBJECT:
A Bug in WordPress Update Disables Auto-Update Functionality

OVERVIEW:
A bug has been discovered in WordPress 4.9.3 that disables the auto-update functionality. WordPress is an open source content management system (CMS) for websites. 

SYSTEMS AFFECTED:
WordPress 4.9.3 

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

DESCRIPTION:
A bug has been discovered in WordPress 4.9.3 that disables the auto-update functionality. This bug was discovered after the release of WordPress 4.9.3.

Note: In order for WordPress to automatically receive future security updates, version 4.9.4 will need to be installed manually.

ACTIONS:

  • After appropriate testing, manually apply the appropriate updates provided by WordPress to all affected systems.
  • Apply the Principle of Least Privilege to all systems and services. 

REFERENCES:
WordPress:

Vulnerability Management
  NYS Enterprise Information Security Office

Office of Information Technology Services (ITS)
1220 Washington Avenue, Building 5 - 1st Floor
Albany, New York 12226
Main Phone: 518-242-5211 | e-mail: eiso.vm@its.ny.gov
Website:
http://its.ny.gov/eiso
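
One way to find the installs the advisory refers to, as an added example that is not part of the advisory: the script reads `$wp_version` from each `wp-includes/version.php` under a web root and lists the installs reporting 4.9.3, which need the manual update to 4.9.4. The function names and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory WordPress installs that report the version named
# in the advisory (4.9.3) and therefore will not auto-update to 4.9.4.

AFFECTED_VERSION="4.9.3"

# Print the $wp_version value declared in a WordPress version.php file.
wp_version_of() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Print "<version><TAB><install dir>" for every WordPress install under $1.
list_wp_installs() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r vf; do
        ver=$(wp_version_of "$vf")
        [ -n "$ver" ] || continue   # skip files with no version declaration
        printf '%s\t%s\n' "$ver" "${vf%/wp-includes/version.php}"
    done
}

# Print only the install dirs whose version equals the affected one.
list_affected() {
    list_wp_installs "$1" |
        awk -F '\t' -v v="$AFFECTED_VERSION" '$1 == v { print $2 }'
}

# Constructed demo tree (not real sites): build it, scan it, clean up.
demo() {
    root=$(mktemp -d) || return 1
    for site in site-a:4.9.3 site-b:4.9.4 site-c:4.8.5; do
        dir="$root/${site%%:*}/wp-includes"
        mkdir -p "$dir"
        printf "<?php\n\$wp_version = '%s';\n" "${site##*:}" > "$dir/version.php"
    done
    list_affected "$root" | sed "s|^$root/||"
    rm -rf "$root"
}

# With a directory argument, scan it; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then
    list_affected "$1"
else
    demo
fi
```

Run it with the hosting web root as the only argument; each path printed is an install to update by hand.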

 
