Dear WordPress users: It is time for another important update.
WordPress 4.2.3 was just released, including several important security fixes for all previous WordPress Versions. We recommend you update your websites immediately.
- WordPress websites with automatic updates enabled and WordPress websites in 1&1 Safe Mode will receive the update shortly.
- If you have automatic updates disabled, we recommend you update from your WordPress dashboard now.
From the WordPress Blog
WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site. This was reported by Jon Cave of the WordPress Security Team, and fixed by Robert Chapin.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Source: WordPress Blog
You might also like