WordPress 4.2.3 is now available.
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. The new version includes a comprehensive fix for this issue. It also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2.
Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now”. Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.
For more information, see the release notes or consult the list of changes.
Official Link : [ https://wordpress.org/news/2015/07/wordpress-4-2-3/ ]