WordPress Versions 4.2.1 and 4.2.2

On April 27th, 2015, WordPress announced a new critical security release, strongly recommending that all users update their sites immediately. The upgrade was developed the same day as the release after users notified the WordPress team of a cross-site scripting (XSS) vulnerability, which could enable commenters to compromise a site.

The WordPress team has recently released 2 new important updates for WordPress in the span of just 9 days. The first, released on April 27th, 2015, was a new critical security release, version 4.2.1. The second, version 4.2.2, released on May 6th, 2015, was a security update and maintenance release.

WordPress Version 4.2.1

WordPress version 4.2.1 was developed to fix a cross-site scripting (XSS) vulnerability which could have enabled commenters to compromise a site. They also recommended that users remove any suspicious comments from their websites if their website allows for visitors to leave comments on the site.

WordPress Version 4.2.2

On May 6th, 2015, WordPress released another update, version 4.2.2, a maintenance release and security update. WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML file shipped with recent Genericons packages included in the Twenty Fifteen theme, as well as a number of other popular plugins by removing the HTML file. Version 4.2.2 also improves on a fix for a critical cross-site scripting vulnerability introduced in version 4.2.1. Finally, the update fixes numerous bugs found in version 4.2.1 including fixing an emoji loading error in IE9 and IE10. You can read the full list of updates in WordPress version 4.2.2. here.

Want to learn more about WordPress updates? Read our article on Why You Should Update Your Website Regularly or our article about the WordPress 4.0.1 Security Update.

If you would like to know more about the release or how it could affect your WordPress website, please call us at 919-341-8901 or submit a support ticket at theedesign.com/support.