The WordPress team has recently released 2 new important updates for WordPress in the span of just 9 days. The first, released on April 27th, 2015, was a new critical security release, version 4.2.1. The second, version 4.2.2, released on May 6th, 2015, was a security update and maintenance release.
WordPress Version 4.2.1
WordPress version 4.2.1 was developed to fix a cross-site scripting (XSS) vulnerability which could have enabled commenters to compromise a site. They also recommended that users remove any suspicious comments from their websites if their website allows for visitors to leave comments on the site.
WordPress Version 4.2.2
On May 6th, 2015, WordPress released another update, version 4.2.2, a maintenance release and security update. WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML file shipped with recent Genericons packages included in the Twenty Fifteen theme, as well as a number of other popular plugins by removing the HTML file. Version 4.2.2 also improves on a fix for a critical cross-site scripting vulnerability introduced in version 4.2.1. Finally, the update fixes numerous bugs found in version 4.2.1 including fixing an emoji loading error in IE9 and IE10. You can read the full list of updates in WordPress version 4.2.2. here.