WordPress 4.2.2 is currently offered. This is a crucial protection launch for all previous variations and also we highly urge you to upgrade your websites quickly.
Variation 4.2.2 addresses 2 protection concerns:
- The Genericons symbol font style bundle, which is made use of in a variety of prominent styles and also plugins, included an HTML data susceptible to a cross-site scripting assault. All influenced styles and also plugins organized on WordPress.org ( consisting of the Twenty Fifteen default motif) have actually been upgraded today by the WordPress protection group to resolve this concern by eliminating this inessential data. To assist safeguard various other Genericons use, WordPress 4.2.2 proactively checks the wp-content directory site for this HTML data and also eliminates it. Reported by Robert Abela of Netsparker.
- WordPress variations 4.2 and also earlier are influenced by a critical cross-site scripting vulnerability, which can allow confidential customers to jeopardize a website. WordPress 4.2.2 consists of an extensive repair for this concern. Reported independently by Rice Adu and also Tong Shi from Baidu[X-team]
The launch additionally consists of setting for a possible cross-site scripting susceptability when utilizing the aesthetic editor. This concern was reported by Mahadev Subedi.
Our many thanks to those that have actually exercised responsible disclosure of protection concerns.
Download WordPress 4.2.2 or endeavor over to Control panel → Updates and also merely click “Update Currently.” Websites that sustain automated history updates are currently starting to upgrade to WordPress 4.2.2.
Many thanks to everybody that added to 4.2.2:
Aaron Jorbin, Andrew Ozz, Andrew Nacin, Boone Gorges, Dion Hulse, Ella Iseulde Van Dorpe, Gary Pendergast, Hinaloe, Jeremy Felt, John James Jacoby, Konstantin Kovshenin, Mike Adams, Nikolay Bachiyski, taka2, and also willstedt.