WordPress 4.2.4 was released today to patch three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site.
WordPress versions 4.2.3 and earlier are affected by these flaws and, if you’ve not yet done so, you should back up your site & database and upgrade to WordPress ver. 4.2.4 immediately.
NOTE! All ESC! Technologies Group clients who subscribe to one of our WordPress Maintenance plans have already been updated to WordPress 4.2.4. There is nothing further you need to do.
So what’s patched in WordPress 4.2.4?
Security Issues Addressed
Per the WordPress 4.2.4 changelog, in addition to the critical cross-site scripting vulnerabilities and the SQL Injection flaws, this update also patches “a potential timing side-channel attack and prevents an attacker from locking a post from being edited.”
Finally, WordPress 4.2.4 fixes 4 bugs discovered in the recently released ver. 4.2.3.
Updating Your Site
If you’re not subscribed to one of ESC! Technologies Group’s WordPress Maintenance plans, then before upgrading you’ll want to be sure to:
1. Ensure compatibility with and/or Upgrade all your third party plugins
2. Ensure compatibility with your theme and framework and upgrade if necessary
3. Turn off any caching plugins you may have installed
4. Perform a full backup of your site and database
5. Upgrade
6. After the upgrade is complete, re-enable your caching plugins and test your site
If you have any questions, or would like to learn more about our maintenance plans, please Contact Us.
For more information: http://codex.wordpress.org/Version_4.2.4