Security Warning: Update WordPress Core, Themes and Plugins Now
In the last week it was reported that there is an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The WordPress security team quickly patched the vulnerability and released 4.2.1 within hours of being notified.
If you run a WordPress website, you are advised to update immediately. If you have enabled automatic updates, then the update may already have hit your site. If not, you can update manually by logging into your admin area and navigating to Dashboard → Updates .
In addition to this, lots of WordPress themes and plugins received security updates. Due to inaccurate information within the WordPress codex, a number of developers improperly assumed the <i>add_query_arg()</i> and <i>remove_query_arg()</i> functions would properly escape user input. So please check your WordPress website to ensure that no themes and plugins need updating. If you have brought any of these from an online marketplace, then you should login and check what version number the themes and plugins are currently using and make sure they are up to date.