WordPress version 4.2.4 was released today, which is a security update for all previous WordPress versions.
This version fixes three cross-site scripting vulnerabilities, as well as a potential SQL injection vulnerability in WordPress Comments that could be used to compromise a site (CVE-2015-2213).
It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.
We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Otherwise, you can download WordPress 4.2.4 directly. Once you’re running WordPress 4.2.4, you are protected from these vulnerabilities.
VaultPress recommends enabling automatic WordPress updates if they are disabled on your website. We are also e-mailing all owners of affected websites with upgrade instructions.
By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.