WordPress has come up with its 4.2.2 version in order to increase its users security. It has also urged people to update their sites immediately.
Samuel Sidler, researcher at WordPress.org, wrote that the new version is aimed to address two security issues.
The first one is the Genericons icon font package, used in themes and plugins, which contained an HTML file vulnerable to a cross-site scripting attack.
On May 7 all affected themes and plugins including twenty fifteen default theme have been updated by the WordPress security team after a DOM-based Cross-Site Scripting (XSS) vulnerability was discovered.
Security researchers from Sucuri warned that the vulnerability is being exploited in the wild days before disclosure.
Security researchers from Sucuri warned that the vulnerability is being exploited in the wild days before disclosure.
Robert Abela of Netsparker reported that in a bid to protect other Genericons usage, WordPress 4.2.2 scans the wp-content directory for this HTML file and removes it.
Secondly, WordPress versions 4.2 and previous versions are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. So, WordPress 4.2.2 includes a comprehensive fix for this issue according to a separate report by Rice Adu and Tong Shi.
WordPress 4.2.2 also contains fixes for 13 bugs from 4.2.
People just have to download WordPress 4.2.2 or venture over to Dashboard. Then click “Update Now” button.
Sites that support automatic background updates have begun to update to WordPress 4.2.2.
