Critical WordPress System Update
Jun 15, 2015
If you haven’t already updated your WordPress to 4.2.2, now is the time. This is a critical security release and it is strongly recommended that each user takes action to update their site.
The update addresses a few security issues including:
- Version 4.2 and earlier of WordPress were affected by a critical cross-site scripting vulnerability. This vulnerability allows anonymous users to compromise a site. By updating to WordPress’ latest version, the issue is fixed.
- Genericons icon font package. A number of widely used themes and plugins uses this font package. The package contained an HTML file that proved vulnerable to a cross-scripting attack. Themes that have been affected by this have been updated by WordPress, and version 4.2.2 now scans for this HTML file and removes it.
- Bug fixes for over 10 bugs found in version 4.2. Fixes include; Emoji loading error in Internet Explorer, keyboard shortcuts for saving in visual editor on Mac, oEmbed for YouTube will expect https, fixes how WordPress checks for encoding when sending strings to MySQL and more.
To update your WordPress when logged in, head over to your dashboard, click updates and “Update Now.”