WordPress 4.2.3 is now available. This is a?security release?for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role?to compromise a site. This was initially reported by?Jon Cave?and fixed by?Robert Chapin, both?of the WordPress security team, and later reported by?Jouko Pynn?nen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from?Check Point Software Technologies.

Our thanks to those who have practiced?responsible disclosure?of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the?release notes?or consult the?list of changes.

Monday, July 27, 2015

« Back