WordPress 4.2.3 Security and Maintenance release to Patch a Major XSS Vulnerability

The blogging platform, WordPress has rolled out a new version 4.2.3. This is a security release for all previous versions.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site.


As per the company, this issue was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

This new version also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2.

WordPress, which powers more than 60 million websites worldwide, urges all webmasters to update their sites with the new updates.

Users can venture over to Dashboard → Updates and simply click “Update Now” to update their site.