It’s only been a little bit over a week since WordPress 4.2.1 Security Release was released and now we already have WordPress 4.2.2. It was just released a few minutes ago to address a couple of critical cross-site scripting (XSS) vulnerabilites. I saw the update notification on my dashboard while working on some stuff.
WordPress 4.2.2 is a critical security release for all previous versions to address 2 serious security issues:
The WordPress 4.2.2 Security and Maintenance release also includes a hardening for a potential XSS vulnerability in the visual editor. Aside from that it also contains 13 bug fixes found in version 4.2 such as:
All WordPress users are encouraged to immediately upgrade to WordPress 4.2.2. For those who have enabled Automatic Updates, then you’re good to go. For those who haven’t, you can do it two ways: via Dashboard > Updates > Update Now or by doing it manually by downloading WordPress 4.2.2 from WordPress.org and uploading to your server it via FTP.
It’s important to frequently monitor and keep your WordPress blogs or sites up-to-date, including the themes and plugins. Also make it a habit to make regular backups of all your important files/folders like the .htaccess file, the wp-content folder, etc. as well as any custom files that you have.
Better safe than sorry. Update your WordPress installation ASAP!