WordPress 4.2.4 Security and Maintenance Release

By Write a Comment on WordPress 4.2.4 Security and Maintenance Release1 min read

wordpress 4.2.4

WordPress 4.3 is just around the corner but the dev team is also working hard to keep current versions secure. Just this morning, they have released WordPress 4.2.4 which is a security release for all previous versions.

WordPress 4.2.4 Security and Maintenance Release patches and bug fixes:

  • 3 XSS (cross-site scripting) vulnerabilities.
  • A potential SQL injection vulnerability.
  • Fix for a potential time side-channel attack.
  • Patch that prevents attacker from locking a post from being edited.

Aside from the security fixes listed above, WordPress 4.2.4 also includes the following bug fixes:

Related Posts
WordPress 6.5 Regina
WordPress 6.5 “Regina” Now Available
WordPress 6.3.2 – Maintenance & Security Release
WordPress 6.1 "Misha"
WordPress 6.1 “Misha” Now Available
WordPress Logo
WordPress 6.0.3 Security Release
WordPress Logo
WordPress 6.0.2 Security and Maintenance Release
WordPress Threaded Comments Not Working
WordPress Threaded Comments Not Working
Elementor Critical Vulnerability
ALERT: Elementor Plugin Critical Remote Code Execution Vulnerability
WordPress Logo
WordPress 5.9.2 Security & Maintenance Release
WordPress Logo
WordPress 5.8.3 Security Release
WordCamp Taiwan 2021
I’m Attending WordCamp Taiwan 2021
  • FIX – WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database.
  • FIX – Don’t blindly trust the output of glob() to be an array.
  • FIX – Shortcodes: Handle do_shortcode(‘<[shortcode]') edge cases.
  • FIX – Shortcodes: Protect newlines inside of CDATA.

Below are the list of revised files:

  • readme.html
  • wp-admin/about.php
  • wp-admin/includes/class-wp-upgrader.php
  • wp-admin/includes/post.php
  • wp-admin/includes/update-core.php
  • wp-admin/js/nav-menu.js
  • wp-admin/js/nav-menu.min.js
  • wp-admin/post.php
  • wp-includes/class-wp-customize-widgets.php
  • wp-includes/class-wp-embed.php
  • wp-includes/default-widgets.php
  • wp-includes/formatting.php
  • wp-includes/l10n.php
  • wp-includes/post.php
  • wp-includes/shortcodes.php
  • wp-includes/theme.php
  • wp-includes/version.php
  • wp-includes/wp-db.php

Because this is a security release, everyone (all WordPress users) are strongly advised to immediately upgrade/update. If you have enabled Auto Updates then you don’t have to lift a finger as the system will automatically update the software for you. For those who didn’t, you can do it by logging in and heading to Dashboard > Updates then click Update Now.

If you prefer to do the update manually, you can do so by downloading the WordPress 4.2.4 zip file and uploading it via your FTP client.

Make sure you backup your database and other important or custom files. You might also want to deactivate all active plugins before proceeding with the upgrade to prevent any issues or hiccups.

Prevention is better than cure so please make time to update your WordPress blog/website ASAP. Keep safe and have a nice day!

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 

Tagged In

JP Habaradas

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.
View All Articles

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

JaypeeOnline

This website uses cookies to ensure you get the best experience on our website. Learn more