Here at Boston Web Group, we’ve seen tons of WordPress sites get hacked. It’s a sad thing to see, but we’ve also learned a great deal about WordPress hardening, server security, and plugin auditing. That’s why we’re rolling out WP Compass – a fully managed and extremely secure WordPress hosting service.
WordPress versions 4.2.2 and earlier are affected by an XSS (cross-site scripting) vulnerability, which could allow users with various permissions and roles to compromise your WordPress site.
What is XSS?
- Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
We want to thank those at WordPress and on the amazing WordPress Core Developer team who have practiced responsible disclosure of security issues and helped us all make WordPress a better CMS.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.
How do I upgrade my WordPress?
- Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.
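To find which installs on a server still need this update, the added example below (not part of the original post or of WordPress) reads `$wp_version` from each site's `wp-includes/version.php` and flags anything older than 4.2.3. It assumes all sites sit under one root directory and takes the "4.2.2 and earlier" cutoff from this post; the site names and directory tree in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 2, 3)  # first fixed release named in this post

# wp-includes/version.php defines the core version as: $wp_version = '4.2.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_wp_version(php_source):
    """Return the version as a 3-tuple of ints, or None if it cannot be read."""
    m = VERSION_RE.search(php_source)
    if not m:
        return None
    # Keep only the leading numeric part; a suffix such as '-beta2' is ignored.
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # '4.1' -> (4, 1, 0)

def audit(root):
    """Map each WordPress install under root to 'affected', 'ok' or 'unknown'."""
    report = {}
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        site = vfile.parent.parent.name
        version = parse_wp_version(vfile.read_text(errors="replace"))
        if version is None:
            report[site] = "unknown"  # unreadable: check by hand, never assume safe
        else:
            report[site] = "affected" if version < FIXED else "ok"
    return report

def demo():
    """Build a constructed tree of four sites in a temp directory and audit it."""
    samples = {"blog": "$wp_version = '4.2.2';", "shop": "$wp_version = '4.2.3';",
               "old": "$wp_version = '4.1';", "odd": "// version line missing"}
    with tempfile.TemporaryDirectory() as tmp:
        for site, line in samples.items():
            inc = Path(tmp, site, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text("<?php\n" + line + "\n")
        return audit(tmp)

if __name__ == "__main__":
    for site, status in demo().items():
        print(f"{site}: {status}")
```

Sites reported as `unknown` have a missing or modified version line and should be inspected manually rather than treated as patched.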