WordPress 4.2.3 – Critical Security Update and Maintenance Release

A few hours back, WordPress released a new update which patches a critical security vulnerability found on the now running stable version (version 4.2.2).

According to the official blog post, the new cross-site scripting vulnerability uses a specially crafted shortcode to bypass WordPress protection KSES.

This vulnerability lets users with Contributor or Author role to compromise the WordPress site.

Along with the critical security update, this release also fixes an issue where a user with Subscriber role can create a new draft using the Quick Draft feature on the WordPress dashboard.

So, in order to protect your site from being compromised, it is advised that you update your WordPress website as soon as possible.

If you have auto updates enabled or on a Managed hosting platform, then the chances are that you are already covered.

For the geeks, here is the release notes and the list of changes.

Update WordPress

To update your WordPress site, login to your WordPress dashboard. Here you will see a new notification regarding the available update. Simply click on the link “Please update now.”

wordpress-4-2-3-please-update-now

This action will take you to the Updates page. Simply click on the button “Update” and you are good to¬†go.

wordpress-4-2-3-click-update-now

As a precaution, don’t forget to make a good backup of your WordPress site and database before updating. This will help you revert back if anything goes wrong.

That’s all for now and hopefully that helps. Do share your thoughts and experiences about the new security vulnerability.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.