WordPress 4.2.4 is now available for download. This release addresses six critical issues that could be used to compromise your website. If your website is running on WordPress 4.2.3 or older It is strongly recommended that you update to 4.2.4.
Security vulnerabilities addressed in WordPress 4.2.4,
- Three cross-site scripting vulnerabilities
- One potential SQL injection
- One potential timing side-channel attack
- Preventing an attacker from locking a post from being edited
Bugs addressed in WordPress 4.2.4,
- WPDB: When checking the encoding of strings against the database, make sure to only rely on the return value of strings that were sent to the database
- Do not trust the output of
glob()function to be an array
- Shortcodes: Handle
- Shortcodes: Protect newlines inside of
If your site is not updated automatically you can manually update from your dashboard (Dashboard->Updates->Update Now).