xbiz world
xbiz premiere

WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Final Defendant Sentenced in GirlsDoPorn Case

Former adult producer Doug Wiederhold, previously a business partner of GirlsDoPorn owner Michael Pratt, was sentenced on Friday in federal court to four years in prison for conspiracy to commit sex trafficking.

FTC Takes Another Step Toward New 'Click to Cancel' Rule

The Federal Trade Commission (FTC) is negotiating the latest procedural hurdle in its effort to renew rulemaking concerning negative option plans, after a federal court previously vacated a “click-to-cancel” rule aimed at making it easier for consumers to cancel online subscriptions.

Pineapple Support, Brazzers to Host 'Navigating Relationships' Support Group

Pineapple Support and Brazzers are hosting a free online support group for performers to build and maintain healthy relationships.

Aylo, SWOP Behind Bars to Host 'Deplatforming' Community Panel

Aylo and Sex Workers Outreach Project (SWOP) Behind Bars will host a panel on creators’ rights and deplatforming on Feb. 10 at 3 p.m. (EST).

Adult Trade Group Pearl Industry Network to Debut at Taboo Vancouver

Pearl Industry Network (PiN), a new trade group for the adult industry focused on content creators, will debut at Taboo Vancouver adult lifestyle and wellness expo next week.

New Creator Platform 'OnlyPhones' Launches

OnlyPhones, a new phone-based creator platform, has officially launched.

AEBN Reveals Ariel Demure as Top Trans Star for Q4 of 2025

AEBN has published its top trans stars list for the fourth quarter of 2025, with reigning XMAs Trans Performer of the Year Ariel Demure landing atop the leaderboard.

Rebel Lynn Launches 'PoleVixens' Through Paysite.com

Rebel Lynn has launched her new pole dancing-themed membership site, PoleVixens, through Paysite.com.

Pineapple Support Taps Athena Bellamy as Brand Ambassador

Pineapple Support has named Athena Bellamy as its newest brand ambassador.

AV Bulletin: Health Warnings, VPNs and Exemptions

Since the Supreme Court’s decision in Free Speech Coalition v. Paxton, more state age verification laws have been introduced around the United States, as well as at the federal level and in other countries. This roundup provides an update on the latest news and developments on the age verification front as it impacts the adult industry.

Show More