WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Missouri AG Announces Age Verification Rule to Take Effect Nov. 30

Newly appointed Missouri Attorney General Catherine Hanaway announced Friday that the state's recently approved age verification regulation for adult websites will go into effect on Nov. 30.

Aylo, Woodhull Freedom Foundation to Host 'Online Censorship' Event

Aylo and Woodhull Freedom Foundation will co-host a virtual panel addressing online censorship on Sept. 30.

Severe Sex Films Relaunches Site Through YourPaysitePartner

Severe Sex Films has relaunched its official website through YourPaysitePartner (YPP).

Judge Awards Plaintiffs Over $400K in Attorneys Fees in Derek Hay Civil Case

California Superior Court Judge Gail Killefer has awarded former clients of LA Direct Models over $400,000 in attorneys fees and court costs, to be paid by agency founder Derek Hay.

ChickPass Rebrands as 'ChickPass Cinematic Universe'

ChickPass has announced that it has rebranded its network of sites as ChickPass Cinematic Universe.

Brazilian Adult Industry Association ABIPEA Launches

Brazilian Association of the Adult Entertainment Industry and Professionals (ABIPEA) has officially launched its organization.

New Adult Social Media Platform 'Havven' Opens Beta Phase

Havven, a new adult social media platform, has opened its beta phase and will officially launch Oct. 5.

Former Backpage CEO Carl Ferrer Sentenced to 3 Years Probation, $40,000 Fine

Former Backpage.com CEO Carl Ferrer was sentenced in federal court today to three years' probation and a $40,000 restitution fine for a conspiracy conviction related to money laundering through the defunct website.

Pineapple Support to Launch 'Wellbeing by PS' Initiative

Pineapple Support has announced its Wellbeing by PS initiative, naming new team member Amber Madden to head the project.

Playboy Wins $81 Million Judgment in Chinese Licensing Arbitration

Playboy Inc. was awarded $81 million in damages on Monday by the Hong Kong International Arbitration Centre, in a licensing dispute with former partner New Handong Investment (Guangdong) Co. Ltd.

Show More