Earlier this month, WordPress released version 4.2.2, which would otherwise be unremarkable were it not that the release contained another critical security update to the software. Last month, WordPress released version 4.2.1, which was also classified as a critical security update. These last two updates address specific vulnerabilities called cross-site scripting vulnerabilities, by which a user may compromise a website via submitting scripting code through the site’s front end. With WordPress, this is oftentimes achieved by submitting a comment through the site’s commenting functionality.
Nothing to worry about here in the least, although the prior update, 4.2.1, reportedly addressed a long-standing vulnerability that had gone unnoticed. It was urgent enough that the update was issued automatically within hours of taking action to all installations of the software to ensure universal compliance.
All client sites built on the WordPress framework are updated to the current version upon release. And there will always be big bad wolves online, but we’re committed to WordPress because it’s a deep, mature, robust platform for creating and managing online content with a huge community of competent good guys looking to make it and the internet a better place.