WordPress 4.2.1 is a critical security release for all previous versions, and updating sites immediately is strongly recommended. WordPress 4.2.1 has begun to roll out as an automatic background update for sites that support those.


WordPress 4.2.1 fixes yet another stored cross-site scripting (XSS) vulnerability, one that allows an unauthenticated user to inject JavaScript into WordPress comments. The injected script can affect both WordPress users and WordPress administrators, and the consequences are potentially nasty. In the worst case an administrator account could be compromised, allowing an attacker to change the password, remove plugins, or set up new admin accounts.

Depending on the website's current WordPress version, the site might be updated automatically; if not, a manual update is required. Remember to perform a full site backup before updating the site to 4.2.1.

The bug was discovered by Jouko Pynnonen and is fixed in this new release, 4.2.1; all previous versions of the CMS are vulnerable. The new version has been pushed as an automatic update to websites that have the feature enabled.

One of the corrections consists of checking that strings stored in the database are not so long that they produce unintended results on the server.
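The principle behind that correction is that the length check has to happen before the string reaches the database, measured the way the storage column measures it (in bytes, not characters); otherwise the database may silently cut the text after it has already been sanitised, and what is stored is no longer what was checked. The following is an added illustration written for this article, not WordPress's own code: the column limit of 65535 bytes (a MySQL TEXT column) and the function names are assumptions.

```python
"""Validate comment length before storage, as an added illustration.

Constructed example, not WordPress code. Shows why a comment must be
rejected outright when it would not fit its column, rather than being
stored and silently truncated by the database.
"""

# Assumed column limit: a MySQL TEXT column holds at most 65535 bytes.
COMMENT_MAX_BYTES = 65535


def byte_length(text: str) -> int:
    """Length as the storage layer sees it: UTF-8 bytes, not characters."""
    return len(text.encode("utf-8"))


def validate_comment(content: str, max_bytes: int = COMMENT_MAX_BYTES) -> tuple[bool, str]:
    """Return (ok, reason). Reject anything the column could not store whole."""
    if byte_length(content) > max_bytes:
        return False, "comment exceeds the maximum allowed length"
    return True, ""


def would_truncate_inside_tag(content: str, max_bytes: int = COMMENT_MAX_BYTES) -> bool:
    """Show what silent truncation would do to already-sanitised markup.

    Cuts the text at the column's byte limit (dropping any partial character)
    and reports whether the cut landed inside an HTML tag, i.e. whether the
    stored fragment is no longer the balanced markup the sanitiser approved.
    """
    cut = content.encode("utf-8")[:max_bytes].decode("utf-8", errors="ignore")
    return cut.rfind("<") > cut.rfind(">")


# Constructed sample: filler text followed by a well-formed link, long enough
# that the link straddles the column limit.
LONG_SAMPLE = "a" * 65500 + '<a href="https://example.com" title="x">link</a>'

if __name__ == "__main__":
    ok, reason = validate_comment(LONG_SAMPLE)
    print("accepted" if ok else f"rejected: {reason}")
    print("truncation would land inside a tag:", would_truncate_inside_tag(LONG_SAMPLE))
```

The multibyte cases matter: a comment of 32768 "é" characters looks short by character count but is 65536 bytes, so a character-based check would let it through and the column would still cut it.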

Installing 4.2.1 has become a priority, as code exploiting the vulnerability is publicly available. Also remember not only to update the WordPress core software but to keep plugins and themes up to date as well. Plugins should be updated weekly to avoid vulnerabilities and keep the website healthy.

As noted, this release fixes bugs and patches security problems. Security is the top priority for anyone running a website these days. Minor WordPress releases ensure that the site remains secure and stable. Keep in mind that security updates protect the site from hackers.

