Sign up to our newsletter
WordPress has issued another update, two weeks after it had fixed an XSS vulnerability and released version 4.2.3.
In an official announcement, it urged all users to update their websites to version 4.2.4 immediately.
WordPress explained that this latest security release addresses six issues that have come to light since the last update, including “three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site”.
The new update also includes a solution for a possible timing side-channel attack, which was uncovered by Johannes Schmitt of Scrutinizer.
Additionally, WordPress 4.2.4 offers users protection against attackers attempting to lock a post from being edited, it stated.
It also contains fixes for four bugs that were found in the previous version. As documented by WordPress in its security update release notes, these include:
WordPress users can download the latest version by visiting its website, or via their dashboard. It added that websites that support automatic updates will already be updating to version 4.2.4.
As it has previously stated, never download or install WordPress from any other website other than the official one. It does not release updates on any other platform.
Author Karl Thomas, ESET