WordPress 4.2.3 is now available/released to the public. This is a critical security release for all previous versions, and so it’s strongly recommended that you update your WordPress websites as soon as possible.

WordPress version 4.2.2 and all other previous versions were affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site. Thanks to the Jon Cave of the WordPress Security Team that reported the issue, and later it was fixed by Robert Chapin.

WordPress 4.2.3

WordPress 4.2.3

All previous versions of WordPress also had an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. This is finally fixed now. Overall, WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/js/dashboard.min.js
wp-admin/js/updates.min.js
wp-admin/js/common.js
wp-admin/js/widgets.js
wp-admin/js/dashboard.js
wp-admin/js/updates.js
wp-admin/js/common.min.js
wp-admin/js/widgets.min.js
wp-admin/css/forms.css
wp-admin/css/edit-rtl.css
wp-admin/css/login-rtl.min.css
wp-admin/css/press-this-rtl.css
wp-admin/css/widgets-rtl.css
wp-admin/css/press-this-rtl.min.css
wp-admin/css/edit.css
wp-admin/css/login.min.css
wp-admin/css/wp-admin-rtl.min.css
wp-admin/css/press-this.css
wp-admin/css/widgets.css
wp-admin/css/press-this.min.css
wp-admin/css/forms-rtl.css
wp-admin/css/wp-admin.min.css
wp-admin/includes/ajax-actions.php
wp-admin/includes/dashboard.php
wp-admin/includes/upgrade.php
wp-admin/post.php
wp-includes/capabilities.php
wp-includes/class-wp-embed.php
wp-includes/kses.php
wp-includes/wp-db.php
wp-includes/shortcodes.php
wp-includes/version.php
wp-includes/formatting.php
wp-includes/comment-template.php
wp-includes/js/media-audiovideo.js
wp-includes/js/wp-emoji.min.js
wp-includes/js/mce-view.min.js
wp-includes/js/wp-emoji.js
wp-includes/js/tinymce/plugins/wpview/plugin.js
wp-includes/js/tinymce/plugins/wpview/plugin.min.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/mce-view.js
wp-includes/js/media-audiovideo.min.js
wp-includes/js/wp-emoji-release.min.js

WordPress Installation/Update Information

Sites that have automatic background updates enabled will be updated to 4.2.3. However, If you don’t have automatic background updates enabled on your sites, go to Dashboard > Updates and select Update Now.