A new version of WordPress is out and it's a SECURITY release, so we're urging everyone to have their websites upgraded as soon as possible even though it looks like a new version of WordPress (4.3, a major release) will be out soon.
WordPress 4.2.4 Security and Maintenance Release (wordpress.org)
WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.
Our Website Maintenance Department will be in contact with you regarding these upgrades. Clients that have signed up for our Automatic WordPress Update Program will get their website updated promptly.
View the complete list of WordPress versions here.
Read more about why WordPress updates are important.
-Tony
