8/4/2015 – WordPress 4.2.4 Security Update

Issue: WordPress has released an update (4.2.4). This is a critical update
Status: Update has been released.
Who is impacted? Websites running anything less than 4.2.4.

Early this morning (8/4/2015), WordPress released an update to version 4.2.4 and it is now available. We recommend all customers update to the latest version (WordPress 4.2.4) immediately. This is considered a critical security release for all previous versions of WordPress.

Why was this update released?

This security update corrects six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, a fix for a potential timing side-channel attack, and prevents an attacker from locking a post from being edited. The security release also fixes four bugs. You can review the release notes for more information. Information on the bugs and their fixes can be seen here.

Leave a Reply