xbiz world
xbiz premiere

WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

New Creator Directory 'TrustyFans' Launches

TrustyFans, a new directory for creators, has officially launched.

Corey Silverstein to Host Webinar on 'SCOTUS Age Verification Ruling'

Where Does Age Verification Go From Here," to livestream July 10 at 4 p.m. (EDT).

FSC Publishes Guidance on Google Analytics Lawsuits

The Free Speech Coalition (FSC) has published guidance on how adult websites can protect themselves in the wake of several consumer class action lawsuits filed against sites for using Google Analytics.

BranditScan, CreatorTraffic Partner for 'Creators & Agencies' Initiative

BranditScan and advertising network CreatorTraffic have partnered for an initiative to help creators and agencies generate traffic and protect their content.

Teasy Agency Joins Pineapple Support as Supporter-Level Sponsor

Teasy Agency has joined the ranks of over 70 adult businesses and organizations committing funds and resources to Pineapple Support.

Aylo, Pineapple Support Partner for Mental Health Video Series

Aylo has teamed up with Pineapple Support to create a safety video series aimed at educating performers and creators about mental health.

Ofcom Investigates FTV Sites for Possible AV Noncompliance

U.K. media regulator Ofcom is investigating First Time Videos, which operates the sites FTVGirls.com and FTVMilfs.com, for possible failure to comply with age assurance requirements under the Online Safety Act.

Stalwart Defender: Jeffrey Douglas on 30 Years Fighting for Free Expression

“If you had told me in 1995 that I would be on the FSC board for 30 years, I would have laughed out loud,” says Jeffrey Douglas.

FSC Publishes Analysis of Federal Trade Commission Event Promoting AV

Free Speech Coalition (FSC) has published an analysis of a Federal Trade Commission (FTC) event held this week that promoted age verification among other forms of speech regulation.

GirlsDoPorn Owner Michael Pratt Pleads Guilty to Sex Trafficking

Michael Pratt, former owner of the rogue website GirlsDoPorn, pleaded guilty in the U.S. District Court for the Southern District of California on Thursday to sex trafficking and conspiracy to commit sex trafficking charges, according to a report by City News Service.

Show More