WordPress Security Release 4.2.4

The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

WordPress has released version 4.2.4. This security release fixes 3 cross-site-scripting (XSS) vulnerabilities and a possible SQL injection exploit.

In addition the update also fixes a few general bugs in the software:

  • A fix for characters not being saved correctly when a non-standard database collation is used
  • A fix for the core not type-checking directory listings using glob()
  • A fix for shortcodes not working when they are added at the beginning of an HTML element (e.g. [crayon lang=”html” inline=”true” decode=”true”]<[my-shortcode …] >[/crayon])
  • A fix for shortcodes removing line returns inside of CDATA content blocks

WordPress is the open-source blogging and publishing software originally developed by Autoattic who handed off the software and copyrights to the WordPress Foundation, a charitable organization the supports WordPress and related plugins.


Leave a Reply

Your email address will not be published.