WordPress 4.2.1 Security Release
WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage
you to update your sites immediately.
A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters
to compromise a site. The vulnerability was discovered by Jouko Pynnönen.
WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.
Once again, we strongly advise that you update your site to WordPress 4.2.1. Make sure to backup your site before you update.