WordPress Releases Critical Security Update

LOS ANGELES — Less than a week after the release of WordPress Version 4.2, a critical security update was released today — along with an admonition for all users to immediately update their installations.

Debuting on April 23, with a goal of improving WordPress’ communication, sharing and simplicity, Version 4.2, nicknamed “Powell” in honor of jazz pianist Bud Powell, offers easier ways to share content, while providing extended character support, enhanced embed options, and streamlined plugin updates.

Now, an emergency patch, Version 4.2.1, has been released to the public and is an update for all previous WordPress versions. The patch addresses a cross-site scripting vulnerability that could enable comment posters to compromise a site.

As for who is affected by this vulnerability, all WordPress-powered sites are at risk if they allow users to post comments via the integrated commenting system.

“An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser,” Marc-Alexandre Montpas wrote for Sucuri.net, advising WordPress site admins to “definitely disable comments on your site until a patch is [installed] to protect your site and customers.”

The unexpected update fuels critics that claim the Open Source WordPress core lacks security, but the opposite is true: As the world’s most popular publishing platform, WordPress is actively embraced by tens of thousands of developers and used in countless websites, making its underlying code perhaps the most scrutinized software on the planet. This means that vulnerabilities are revealed and mitigated far more often than those contained in proprietary systems that are only well-known to a relative handful of developers and users.

WordPress 4.2.1 is now rolling out as an automatic update for sites that support them.

To manually update an installation, download WordPress 4.2.1 or click “Update Now” from the admin Dashboard. 

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Strike 3 Holdings Sues Meta for Pirating Vixen Media Group Content to Train AI

Vixen Media Group owner Strike 3 Holdings filed suit in federal court this week, accusing Facebook parent company Meta of copyright infringement and alleging that Meta has extensively pirated VMG content to train its artificial intelligence models.

Pineapple Support, Streamate to Host 'Navigating Grief and Loss' Support Group

Pineapple Support and Streamate are hosting a free online support group to help performers cope with grief and loss.

Friday is Final AV Compliance Deadline in UK

Friday, July 25 marks U.K. media regulator Ofcom’s deadline for user-to-user services such as tube, cam and fan sites to implement its requisite “highly effective age assurance” measures for preventing minors from viewing adult content.

AEBN Publishes Popular Searches for May, June

AEBN has released the top search terms for the months of May and June from its straight and gay theaters in all 50 states and the District of Columbia.

Ofcom Releases Transparency Reporting Guidelines

Ofcom, the U.K. media regulator, has made public its official guidance detailing how online service providers — including adult sites — will be required to publish annual transparency reports on their efforts to protect children from online harms.

New AV Rules Take Effect for Ireland-Based Sites

Ireland’s Online Safety Code came into force Monday, including a provision requiring adult sites headquartered in Ireland to implement age assurance measures beyond self-declaration.

XBIZ Amsterdam Calls on New Startups for 'Spotlight' Program

XBIZ is pleased to announce that its new “Startup Spotlight” programming will make its European premiere at XBIZ Amsterdam 2025, set to take place Sept. 2-5 at the Jakarta Hotel Amsterdam.

Texas Resumes AV Lawsuit Against Aylo Following SCOTUS Decision

A district court judge in Texas has unfrozen the state’s $1.6 million lawsuit against Aylo for allegedly failing to comply with age verification requirements, Bloomberg Law is reporting.

JuicyAds Wins Trademark Infringement Case Against Fraudulent Domain

JuicyAds has won its World Intellectual Property Organization (WIPO) case against a website using a similar domain to impersonate the company's site and defraud customers.

Anissa Kate, Jordan Starr Top AEBN for Q2 of 2025

AEBN has published its top-selling stars for the second quarter of 2025, with Anissa Kate landing atop the leaderboard for straight theaters and Jordan Starr heading up the gay rankings.

Show More