An important security update was released today for WordPress. This is a security release for all previous versions, and it fixes a cross-site scripting vulnerability which could allow users with the Contributor or Author role to compromise a website. WordPress versions 4.2.2 and earlier are affected by this vulnerability.
A large number of websites has been upgraded to WordPress 4.2.3 already. If you do not have automatic WordPress updates enabled, we strongly recommend you upgrade your website to version 4.2.3 immediately. We also suggest enabling automatic WordPress updates for your website.
We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Once you’re running WordPress 4.2.3, you’re protected from this vulnerability.
We are also e-mailing all owners of affected websites with upgrade instructions. Running the latest versions of WordPress, themes, and plugins is a great step to keep your site safe and sound.
As always, if you have any questions, drop us a line.