If you own a website running on an open source technology WordPress, then it’s high advisable to update it at earliest to have essential security updates installed.

Just a couple of weeks since the last security update for WordPress, new security holes have been detected, actually six including cross-site scripting vulnerabilities and a potential SQL injection which could be exploited by malicious hackers to compromise your website. It also includes a fix for a potential timing side-channel attack.

It’s been an unfortunate year for the one of the most popular CMS software and its security team because since the beginning of the year, there has been five security releases already.

WordPress 4.2.4 is available now and patches six security vulnerabilities. We should thank to those keen WordPress lovers and security team which has discovered such security holes and helped us to keep our websites free from vulnerable hackers.

In addition to the security fixes, this release also fixes 4 bugs from 4.2.3 inducing:

  • WPDB: When checking the encoding of strings against the database, make sure we're only relying on the return value of strings that were sent to the database. #32279
  • Don't blindly trust the output of glob() to be an array. #33093
  • Shortcodes: Handle do_shortcode('<[shortcode]') edge cases. #33116
  • Shortcodes: Protect newlines inside of CDATA. #33106

WordPress user should first ensure that they are running on the last version which was 4.2.4 and if your website hasn’t auto been updated automatically yet, it is recommended that you do a full backup first and then update to the latest version manually.