xbiz world
xbiz premiere

WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Brazil: New AV Requirements Set to Take Effect March 17

President Luiz Inácio Lula da Silva this week gave final approval to new regulations requiring adult websites to age-verify users located in Brazil starting March 17.

FSC Recommends Platforms Integrate StopNCII.org Tool

In a blog post, Free Speech Coalition (FSC) has recommended that platforms integrate the StopNCII.org tool to prevent the sharing of non-consensual intimate imagery (NCII).

Utah 'Porn Tax' Bill With VPN Provisions Passes State Senate

The Utah state Senate has passed a bill that would impose a 2% tax on the revenues of adult websites doing business in that state, and make sites liable if Utah minors use VPNs to circumvent geolocation.

Fast-Tracked Arizona Bill Includes Consent 'Catch-22' for Adult Sites

A bill advancing rapidly through the Arizona state legislature would impose new requirements for adult content uploaded online, including seemingly contradictory provisions that could effectively make it impossible for adult sites to operate in the state.

VirtualRealPorn Launches WebXR-Enabled Site

VirtualRealPorn has officially launched its new site, built on Web Extended Reality (WebXR) technology.

'MyAsianGFs' Launches Through Paysite.com

MyAsianGFs.com has officially launched through Paysite.com.

Corey Silverstein to Host Webinar on North Carolina Age Verification Thursday

Adult industry attorney Corey D. Silverstein has announced his latest "Legal Impact" webinar, titled "North Carolina AV Law — Content Creation Issues," to livestream Thursday at 4 p.m. (EST).

Ofcom Fines 8579 LLC $1.8 Million for AV Noncompliance

U.K. media regulator Ofcom on Monday imposed a fine of 1.35 million pounds (more than $1.8 million) against adult site operator 8579 LLC for failing to implement age checks as required for compliance with the Online Safety Act.

Pearl Industry Network Launches 'TrustLink' Creator Verification Platform

Trade group Pearl Industry Network (PiN) has launched TrustLink, its free creator verification platform.

FSC Updates Complaint in Tennessee AV Case, AG Motions to Dismiss

The Free Speech Coalition this week filed an amended complaint in its lawsuit challenging the Protect Tennessee Minors Act as unconstitutional, in response to which the Tennessee attorney general motioned for dismissal of the case.

Show More