WordPress 4.2.3 Update for XSS Vulnerability

by Carly
04 August 2015

The WordPress security team warned users about a critical vulnerability in WP versions up to 4.2.2, and released an automatic update for all those who are running these versions. Anyone who has automatic updates disabled will be prompted to update to version 4.2.3 as soon as possible, which will install the patch as part of the update.

The security issue has arisen from a gap in the cross-site script that could allow users with Contributor or Author roles to compromise a site. In addition to the critical vulnerability, some other minor bugs were fixed, including a bug that requires an update in the database. The complete error file, as well as details of the revised version 4.2.3, can be found in the WP Codex.