WordPress 4.2.2 Released: Critical Security Update Fixes Multiple Vulnerabilities

Recently, WordPress has been plagued by security vulnerabilities. Following a previous report on a stored XSS vulnerability affecting versions 4.2 and below, the official team released the latest version, WordPress 4.2.2, this afternoon. This is a security update version, and the official team states that it primarily fixes this cross-site scripting (XSS) vulnerability. All users are strongly recommended to upgrade to version 4.2.2 immediately to ensure site security.

According to the official announcement, the vulnerability was caused by an ICO icon generation file (genericons) included in the default theme. The official team has now fixed this issue (logs indicate the deletion of the genericons/example.html file from the theme). Additionally, this update fixes the previously discovered cross-site security vulnerability, a cross-site attack vulnerability under the visual editor, and other compatibility issues.

Please make sure to back up your site before upgrading.