xbiz world
xbiz premiere

WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

2026 XBIZ LA Conference Schedule Announced

XBIZ is pleased to announce the release of the full show schedule for the XBIZ 2026 conference, set to take place Jan. 12-15 at the Kimpton Everly Hotel in Hollywood.

Needemand Joins ASACP as Corporate Sponsor

French startup company Needemand has signed on as the latest corporate sponsor for Association of Sites Advocating Child Protection (ASACP).

Utah State Legislator Proposes New 'Porn Tax'

A Utah state senator introduced a bill on Monday that would impose a 7% tax on the gross receipts of adult websites doing business in that state, plus require adult sites to pay an annual $500 fee.

Carlotta Champagne is LoyalFans' 'Featured Creator' for January

LoyalFans has named Carlotta Champagne as its Featured Creator for January.

Pineapple Support Relaunches Site

Pineapple Support has updated and relaunched its website.

Arcom-Targeted Sites Implement Age Verification in France

Five high-traffic adult websites based outside of France have implemented age verification as required under the nation’s Security and Regulation of the Digital Space (SREN) law, after receiving warnings from French media regulator Arcom.

Goddess Lilith Launches 'Adultpreneurs' Networking Site

Goddess Lilith has launched Adultpreneurs, a new community and networking site.

Adult Shoot Location Marketplace 'FckSpace' Launches

FckSpace, a new platform aimed at simplifying location sourcing for adult productions, is now live

Florida Attorney General Dismisses AV Suit Against Segpay

The Florida attorney general’s office on Monday agreed to dismiss claims against payment processor Segpay in a lawsuit over alleged noncompliance with the state’s age verification law.

FTC Weighs Reboot of 'Click to Cancel' Rulemaking Process

The Federal Trade Commission has invited public comments on a petition to renew trade regulation rulemaking concerning negative option plans, after a federal court previously vacated a “click-to-cancel” rule aimed at making it easier for consumers to cancel online subscriptions.

Show More