WordPress has released version 4.2.4. This security release fixes 3 cross-site-scripting (XSS) vulnerabilities and a possible SQL injection exploit.
In addition the update also fixes a few general bugs in the software:
- A fix for characters not being saved correctly when a non-standard database collation is used
- A fix for the core not type-checking directory listings using glob()
- A fix for shortcodes not working when they are added at the beginning of an HTML element (e.g. [crayon lang=”html” inline=”true” decode=”true”]<[my-shortcode …] >[/crayon])
- A fix for shortcodes removing line returns inside of CDATA content blocks
WordPress is the open-source blogging and publishing software originally developed by Autoattic who handed off the software and copyrights to the WordPress Foundation, a charitable organization the supports WordPress and related plugins.
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/