WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Texas Court Orders Adult Site Domain Locked for AV Violations

A district court in Texas has issued a writ requiring domain registry Verisign to “lock” an adult website’s domain over noncompliance with the state’s age verification law.

Adult Web Hosting Service 'QloudHost' Launches

QloudHost, a new web hosting service for adult websites, has launched.

Peter Hooke Launches New Paysite

Peter Hooke has launched an official website through PAYSITE.

Pineapple Support Names Ny Ny Lew as Brand Ambassador

Pineapple Support has named Ny Ny Lew as its newest brand ambassador.

Federal AV Proposal Passes House, Faces Senate Opposition

The U.S. House of Representatives on Monday passed the Kids Internet and Digital Safety (KIDS) Act, which includes provisions to make age verification by adult websites federal law, but the bill still faces tough going in the Senate.

Devin Drills Launches New Paysite

Creator Devin Drills has launched an official website through PAYSITE.

AV Bulletin: Midyear Roundup

Since the U.S. Supreme Court’s decision in Free Speech Coalition v. Paxton, more state age verification laws have been enacted around the United States, as well as proposed at the federal level and in other countries. Meanwhile, lawsuits resulting from AV laws have begun to play out in the courts. This roundup provides an update on the latest news and developments on the age verification front as it impacts the adult industry.

Judge Dismisses Last NCOSE-Backed Suit Over Kansas AV Law

A federal judge on Monday dismissed a lawsuit alleging that adult site SuperPorn violated Kansas’ age verification law, citing lack of jurisdiction after similarly dismissing two related cases earlier this year.

ASACP Updates 'Restricted to Adults' Labeling Resource Page

The Association of Sites Advocating Child Protection (ASACP) has updated its Restricted to Adults (RTA) labeling resource page.

Federal AV Proposal Scores Minor Win in House but Remains in Doubt

A newly announced bipartisan agreement in the U.S. House of Representatives Committee on Energy and Commerce may soon bring a proposed federal age verification law before the full House, but the measure continues to face an uphill battle.

Show More