WordPress announced today a security and maintenance release to version 4.2.4. This release fixes a number of vulnerabilities uncovered by WordPress security experts.
From WordPress.org WordPress 4.2.4 Security and Maintenance release.:
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.
Please update your WordPress sites immediately. Download WordPress 4.2.4 or click “Update” in your Dashboard admin panel. Always backup before upgrading.