WordPress 4.2.4 fixes cross-site scripting vulnerabilities and SQL injection (CVE-2015-2213)

It is time for another important security update.

WordPress 4.2.4 was just released, including several important security fixes for all previous WordPress Versions. We recommend you update your websites immediately.

  • WordPress websites with automatic updates enabled and WordPress websites in 1&1 Safe Mode will receive the update shortly.
  • If you have automatic updates disabled, we recommend you update from your WordPress dashboard now.

From the WordPress Blog

WordPress 4.2.4 fixes three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site (CVE-2015-2213).

It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

In addition to the security fixes, WordPress 4.2.4 contains fixes for 4 bugs from 4.2.3, including:

  • FIX – WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database. #32279
  • FIX – Don’t blindly trust the output of glob() to be an array. #33093
  • FIX – Shortcodes: Handle do_shortcode('<[shortcode]') edge cases. #33116
  • FIX – Shortcodes: Protect newlines inside of CDATA. #33106

Source: WordPress Blog

You might also like

Understanding Version Numbers of Software, Plugins and Themes

Please rate this post :

One thought on “WordPress 4.2.4 fixes cross-site scripting vulnerabilities and SQL injection (CVE-2015-2213)

  1. elena carmen foamete says:

    please,stop sending me emails.I don’t want to receive more emails from you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Leave a Reply

Your email address will not be published. Required fields are marked *