WordPress 4.2.4 Security Release

WordPress version 4.2.4 was released today, which is a security update for all previous WordPress versions.

This version fixes three cross-site scripting vulnerabilities, as well as a potential SQL injection vulnerability in WordPress Comments that could be used to compromise a site (CVE-2015-2213).

It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Otherwise, you can download WordPress 4.2.4 directly. Once you’re running WordPress 4.2.4, you are protected from these vulnerabilities.

VaultPress recommends enabling automatic WordPress updates if they are disabled on your website. We are also e-mailing all owners of affected websites with upgrade instructions.

By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.

About Stefan

A happiness engineer and a human being.
This entry was posted in General. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s