xbiz world
xbiz premiere

WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Kazumi Guests on Chaturbate's 'Sex Tales' Podcast

Kazumi is the latest guest on Chaturbate’s “Sex Tales” podcast, hosted by Melissa Stratton and Vanniall, and streaming on the company’s “Camming Life” YouTube channel.

WIFEY Publishes 'Hotwife Paradox' Report

Vixen Media Group studio imprint WIFEY has published a report on the hotwife lifestyle.

Pineapple Support Partners with Better Life Science's 'STD Hero'

Pineapple Support has partnered with Better Life Science brand STD Hero.

Brazil Sets Enforcement Timeline for New AV Rules

Brazil’s National Data Protection Authority (ANPD) on Friday published a timeline outlining planned steps for monitoring and enforcing age verification under the country’s Digital Statute for Children and Adolescents (Digital ECA), which took effect Tuesday.

Utah Governor Signs 'Porn Tax' and VPN Rule Into Law

Governor Spencer Cox on Friday signed into law a bill to tax adult websites and make them liable if minors circumvent geolocation.

BranditScan Launches 'White Glove' Subscription Tier

BranditScan has launched its new White Glove subscription tier for creators.

German Court: Regulator Can't Block Creator's IG Account, Only Posts

A German court has ruled that while a regional media regulatory agency may block specific Instagram posts that include material deemed harmful to minors, it cannot ban an entire Instagram account due to such a post.

Brazil Lays Out Preliminary Guidelines for New AV Requirements

President Luiz Inácio Lula da Silva on Wednesday signed a decree establishing guidelines for new regulations requiring adult websites to age-verify users located in Brazil.

Senate Committee Debates Section 230 Reform

The U.S. Senate Committee on Commerce, Science, and Transportation held a hearing Wednesday on potential changes to Section 230 of the Communications Decency Act, which protects interactive computer services — including adult platforms — from liability for user-generated content.

Pearl Industry Network Offers Free Creator Memberships

Industry trade group Pearl Industry Network (PiN) has launched its free creator membership initiative.

Show More