RSS Feed
WordPress 4.2.2 Security and Maintenance Release
Posted by Frank J. -'- Support Team on 10 May 2015 04:32 PM

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Version 4.2.2 addresses two security issues:

  • The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it.
  • WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue.

Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. WordPress 4.2.2 also contains fixes for 13 bugs from 4.2.

For more information, see the release notes or consult the list of changes.

Official Link :


Comments (0)
Help Desk Software by Kayako fusion