WordPress 4.2.3 was released today to patch a critical cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability.
If you’ve not yet done so, you should back up your site & database and upgrade to WordPress ver. 4.2.3 immediately.
NOTE! All ESC! Technologies Group clients who subscribe to one of our WordPress Maintenance plans have already been updated to WordPress 4.2.3. There is nothing further you need to do.
So what’s patched in WordPress 4.2.3?
Security Issues Addressed
Per the WordPress 4.2.3 changelog, in addition to the critical cross-site scripting vulnerability, this update also patches an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.
In all, Version 4.2.3 fixes over 30 bugs within WordPress 4.2.
Updating Your Site
If you’re not subscribed to one of ESC! Technologies Group’s WordPress Maintenance plans, then before upgrading you’ll want to be sure to:
1. Ensure compatibility with and/or Upgrade all your third party plugins
2. Ensure compatibility with your theme and framework and upgrade if necessary
3. Turn off any caching plugins you may have installed
4. Perform a full backup of your site and database
5. Upgrade
6. After the upgrade is complete, re-enable your caching plugins and test your site
If you have any questions, or would like to learn more about our maintenance plans, please Contact Us.