WordPress 4.2.4 fixes cross-site scripting, SQL injection vulnerabilities

Update follows security fixes that were in version 4.2.3

The WordPress team has released version 4.2.4 of its popular CMS in order to fix several security bugs. This update is live, and available for immediate download through your WordPress dashboard.
The WordPress Security Team emphasizes that “this is a security release for all previous versions and we strongly encourage you to update your sites immediately” in its announcement of the update.
The update addressees multiple issues, chiefly several cross-site scripting vulnerabilities as well as a possible SQL injection “that could be used to compromise a site.”
This update comes right on the heels of WordPress 4.2.3, which also was released to address several potential security vulnerabilities. WordPress 4.2.3 closed a cross-site scripting vulnerability that is present in versions 4.2.2 and below. Additionally, version 4.2.3 contained fixes for 20 bugs from 4.2.
WordPress 4.2.4 also addresses four minor bugs within the core.
WordPress 4.2.4 is available now. If you’d like to find out more information, you can see the official release notes here. And if you’d like to dive deeper into the update, you can view the WordPress Codex post here, and the 4.2.4 changelog list of closed tickets here.
As always, if you have any questions about setting up your own site’s updates, don’t hesitate to call a member of our support team. And if you’d prefer to let us completely handle your site upgrade, we’ll be happy to help.
Works Cited / For Further Reading:
WordPress 4.2.4 security and maintenance release. (WordPress.org)
WordPress 4.2.4 codex changes. (WordPress.org Codex)
WordPress 4.2.4 core changelog. (WordPress.org Core)
WordPRess 4.2.3 security release. (WordPress.org)
WordPress 4.2.4 fixes critical flaws. (CSO.com)