WordPress 4.3 is just around the corner but the dev team is also working hard to keep current versions secure. Just this morning, they have released WordPress 4.2.4 which is a security release for all previous versions.
WordPress 4.2.4 Security and Maintenance Release patches and bug fixes:
- 3 XSS (cross-site scripting) vulnerabilities.
- A potential SQL injection vulnerability.
- Fix for a potential time side-channel attack.
- Patch that prevents attacker from locking a post from being edited.
Aside from the security fixes listed above, WordPress 4.2.4 also includes the following bug fixes:
- FIX – WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database.
- FIX – Don’t blindly trust the output of glob() to be an array.
- FIX – Shortcodes: Handle do_shortcode(‘<[shortcode]') edge cases.
- FIX – Shortcodes: Protect newlines inside of CDATA.
Below are the list of revised files:
Because this is a security release, everyone (all WordPress users) are strongly advised to immediately upgrade/update. If you have enabled Auto Updates then you don’t have to lift a finger as the system will automatically update the software for you. For those who didn’t, you can do it by logging in and heading to Dashboard > Updates then click Update Now.
If you prefer to do the update manually, you can do so by downloading the WordPress 4.2.4 zip file and uploading it via your FTP client.
Make sure you backup your database and other important or custom files. You might also want to deactivate all active plugins before proceeding with the upgrade to prevent any issues or hiccups.
Prevention is better than cure so please make time to update your WordPress blog/website ASAP. Keep safe and have a nice day!