WordPress releases version 4.2.3 to fix major vulnerabilities

WordPress has announced the release of version 4.2.3 as a security version for all previous versions, urges those users who have WordPress installed on their servers to update to this latest version immediately, something they can do directly from the section of updates to the management panel of your WordPress installations, although those sites that support automatic updates in the background are already starting to receive the new version.

The reason for its immediate update is because the new version fixes a critical vulnerability that allows sites to be compromised by injecting code and affecting users.

Precisely, WordPress indicates that the versions of WordPress 4.2.2. and earlier are affected by a cross-site scripting vulnerability that would allow users with collaborator or author roles to compromise a site. In addition to the mentioned vulnerability, another vulnerability is also fixed that will allow any user with subscription permission to create drafts through Quick Draft.

The new version of WordPress also fixes about 20 bugs found within version 4.2, which are mentioned in the list of changes for the new version. WordPress thanks the sources that have found the vulnerabilities for being responsible and having contacted the team internally to resolve security problems.