It’s been a busy month for the WordPress team. In quick succession, four separate updates were released. Some of these updates were released very close together in order to address quick fixes to issues found by the community.
Out of those four, only one of them could be called a true “Features Update,” which is the point-update WordPress version 4.2 “Powell.” Three of the four updates were categorized as “critical security release[s] for all previous versions of WordPress.”
Included in those updates were multiple security fixes addressed in version 4.1.2, version 4.2.1, and version 4.2.2, respectively. Several cross-site scripting vulnerabilities were discovered, as well as instances where multiple plugins were vulnerable in ways that could lead to SQL injection attacks.
If your site is still on any of the affected versions of WordPress, we recommend you upgrade to the most-current secure version of the CMS.
You can read a full breakdown on all four of these WordPress updates, as well as detailed links to the official release notes for further reading, in our Knowledge Base article:
WordPress — Secure and Latest Versions.
Published: May 12, 2015 at 1:53 PM