A new version of WordPress is out and it's a SECURITY release, so we're urging everyone to have their websites upgraded as soon as possible even though it looks like a new version of WordPress (4.3) will be out soon.
WordPress 4.2.3 Security and Maintenance Release (wordpress.org)
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.
Our Website Maintenance Department will be in contact with you regarding these upgrades. Clients that have signed up for our Automatic WordPress Update Program will get their website updated promptly.
View the complete list of WordPress versions here.
Read more about why WordPress updates are important.
-Tony
