xbiz world
xbiz premiere

WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Brazil Invites Public Input on AV Guidelines

Brazil’s National Data Protection Authority (ANPD) on Friday launched a public consultation on developing guidelines for age verification mechanisms under the country’s Digital Statute for Children and Adolescents (Digital ECA), which requires adult websites to age-verify users located in Brazil.

Paysite Confidential: Inside the Creator Economy's Shift Toward Ownership

For years, the adult industry’s creator economy has been defined by platforms — powerful engines of discovery, monetization and scale that reshaped how performers connect with their audiences.

Senator Urges DOJ to Crack Down on 'Obscenity,' Attacks OnlyFans

U.S. Senator Jim Banks of Indiana this week urged Acting Attorney General Todd Blanche to reestablish the Department of Justice’s defunct Obscenity Prosecution Task Force in a letter that targets OnlyFans while repeatedly conflating “obscenity” with legal adult content.

UN Experts Urge US, Canada to Prosecute Aylo, Others for 'Exploitation'

GENEVA – The United Nations Office of the High Commissioner for Human Rights (OHCHR) has issued a press release in which two U.N. special rapporteurs, cited as experts, accuse Aylo and other companies of complicity in sexual exploitation.

Kickstarter Revokes New Rules Banning Fundraising for Adult Content, Products

Crowdfunding platform Kickstarter announced Tuesday that it has reversed its recent decision to impose new “Mature Content” rules banning projects that involve adult content and sextech.

Report: Irish Justice Minister Seeks UK-Style Ban on 'Extreme' Content

Ireland’s justice minister plans to introduce legislation criminalizing possession and distribution of “extreme” pornography, according to a report by the Irish Independent.

New Kickstarter Rules Ban Fundraising for Adult Content, Products

Crowdfunding platform Kickstarter has posted new “Mature Content” rules banning projects that involve adult content and sextech.

WebGroup Czech Republic Settles Florida AV Suit, Will Pay $1.2 Million

WebGroup Czech Republic (WGCZ), the parent company of XVideos, XNXX, BangBros and GirlsGoneWild, has settled a lawsuit filed by the state of Florida over those sites’ alleged failure to age-verify Florida users before allowing access to adult content.

AEBN Publishes Popular Searches for March, April

AEBN has published the top search terms for March and April from its straight and gay theaters in all 50 states and the District of Columbia.

Ofcom Investigates Two Sites Over Possible AV Violations

U.K. media regulator Ofcom on Wednesday launched investigations into two adult sites as part of its age assurance enforcement program under the Online Safety Act (OSA).

Show More