blog post banner

WordPress 4.2.4 Security Release

A new version of WordPress is out, addressing six issues, including XSS vulnerabilities and a potential SQL injection which could be used in hacking a site. You can read more about the specific vulnerabilities patched here.

All WordPress versions are affected and we advise you update all of your sites as soon as possible.

There are also 4 bug fixes included in the patch:

  • FIX – WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database.
  • FIX – Don’t blindly trust the output of glob() to be an array.
  • FIX – Shortcodes: Handle do_shortcode('<[shortcode]') edge cases.
  • FIX – Shortcodes: Protect newlines inside of CDATA.

You can download WordPress 4.2.4 here or update through your Dashboard. Automatic updates have already begun rolling out if you have them enabled.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *