|Issue:||WordPress has released an update (4.2.3). This is a critical update|
|Status:||Update has been released.|
|Who is impacted?||Websites running anything less than 4.2.3.|
Early this morning (7/23/2015), WordPress released an update to version 4.2.3 and it is now available. We’re recommending all customers update to the latest version (WordPress 4.2.3) immediately. This is considered a critical security release for all previous versions of WordPress.
Why was this update released?
This security update corrects a cross-site scripting vulnerability, which would allow an anonymous user to exploit a site. The security release also includes a fix for an issue where it was possible for a user with “Subscriber” permissions to create a draft using Quick Draft. This new release also has roughly 20 fixes for bugs previously reported. Information on the bugs and their fixes can be seen here.