WordPress 4.2.3 is now available. This is asecurity releasefor all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author roleto compromise a site. This was initially reported byJon Caveand fixed byRobert Chapin, bothof the WordPress security team, and later reported byJouko Pynnnen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin fromCheck Point Software Technologies.

Our thanks to those who have practicedresponsible disclosureof security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see therelease notesor consult thelist of changes.

Monday, July 27, 2015

« Tagasi