WordPress 4.2.4 Security Release

Last updated on by admin

WordPress 4.2.4 is now available for download. This release addresses six critical issues that could be used to compromise your website. If your website is running on WordPress 4.2.3 or older It is strongly recommended that you update to 4.2.4.

Security vulnerabilities addressed in WordPress 4.2.4,

  • Three cross-site scripting vulnerabilities
  • One potential SQL injection
  • One potential timing side-channel attack
  • Preventing an attacker from locking a post from being edited

Bugs addressed in WordPress 4.2.4,

  • WPDB: When checking the encoding of strings against the database, make sure to only rely on the return value of strings that were sent to the database
  • Do not trust the output of glob() function to be an array
  • Shortcodes: Handle do_shortcode('<[shortcode]') edge cases
  • Shortcodes: Protect newlines inside of CDATA

If your site is not updated automatically you can manually update from your dashboard (Dashboard->Updates->Update Now).

GET 60% OFF WordPress Hosting Here

Leave a Reply

Your email address will not be published. Required fields are marked *