WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

GirlsDoPorn Owner Michael Pratt Sentenced to 27 Years

Michael Pratt, former owner of the website GirlsDoPorn, has been sentenced to 27 years in federal prison.

TrustyFans Introduces New Blog

Creator directory TrustyFans has introduced an official blog to its site, titled "From Hidden to Hype."

JustFor.fans' Dominic Ford Featured in Wired Magazine

JustFor.fans Founder and CEO Dominic Ford is featured in a new article in Wired Magazine, titled "The Internet Revolutionized Porn. Age Verification Could Upend Everything."

Dr. Charlotte Gaydos Joins ProDx Health Advisory Board

Dr. Charlotte Gaydos has joined the Advisory Board of ProDx Health.

Aylo Fined $5 Million as FTC, Utah Settle Safety Practices Complaint

The Federal Trade Commission and the state of Utah on Wednesday settled a complaint against Aylo, requiring the company to pay a $5 million penalty and implement measures to prevent illegal content from appearing on its sites.

New AI Companion Platform 'Pornstar.love' Launches

Pornstar.love, a new AI companion platform, has officially launched.

Pineapple Support, Stripchat to Host 'Navigating Thoughts of Suicide' Support Group

Pineapple Support and Stripchat are hosting a free online support group to help performers deal with suicidal ideation.

Plaiir Names Cade Maddox as Lead of Creator Relations

Networking platform Plaiir has appointed Cade Maddox as its new lead of creator relations.

Go.cam Launches 'One-Line Integration' Verification Solution

Go.cam has introduced a one-line code integration for age verification.

XBIZ Amsterdam to Debut 'Behind the Lens' Screening Series

XBIZ is pleased to announce the debut of “Behind the Lens,” a new screening series at the upcoming XBIZ Amsterdam conference, featuring special screenings followed by conversations with noted directors.

Show More