WordPress 4.2.3 is now available. This is a?security release?for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role?to compromise a site. This was initially reported by?Jon Cave?and fixed by?Robert Chapin, both?of the WordPress security team, and later reported by?Jouko Pynn?nen.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from?Check Point Software Technologies.
Our thanks to those who have practiced?responsible disclosure?of security issues.
Monday, July 27, 2015