A few hours ago, WordPress released a new update that patches a critical security vulnerability found in the current stable version (version 4.2.2).
According to the official blog post, the new cross-site scripting vulnerability uses a specially crafted shortcode to bypass KSES, WordPress's HTML filtering protection.
This vulnerability lets users with the Contributor or Author role compromise the WordPress site.
Along with the critical security update, this release also fixes an issue where a user with the Subscriber role could create a new draft using the Quick Draft feature on the WordPress dashboard.
So, in order to protect your site from being compromised, it is advised that you update your WordPress website as soon as possible.
If you have auto updates enabled or are on a managed hosting platform, then the chances are that you are already covered.
To update your WordPress site, log in to your WordPress dashboard. Here you will see a new notification regarding the available update. Simply click on the link “Please update now.”
This action will take you to the Updates page. Simply click on the button “Update” and you are good to go.
That’s all for now and hopefully that helps. Do share your thoughts and experiences about the new security vulnerability.