WordPress Releases 4.1.5 And 4.2.2 Due To New Vulnerability
There have been a lot of security issues of late targeting WordPress websites and today is no different. In a response to a DOM-based Cross-Site Scripting (XSS) vulnerability, WordPress has released updates to tackle these issues.
On May 6, 2015, WordPress 4.1.5 was released to the public, along with WordPress 4.2.2. This is both a security update for all previous WordPress versions, and a maintenance release for versions 4.1 and newer.
As noted in an article from Sucuri, it appears that the JetPack plugin and the Twenty Fifteen WordPress theme have been found to be vulnerable, affecting millions of websites. However any plugin or theme that uses the genericons package will be at risk.
What This Means For Pressidium Customers
For customers of the Pressidium® Pinnacle Platform, it means we're already on the case. All customers who are waiting to upgrade to the scheduled 4.2 release, have automatically been updated to the latest, safe and stable 4.1.5 update. Those customers who manually update their WordPress installations, have also been updated to WordPress 4.2.2.
Our scheduled, customer wide update will go ahead as planned, however instead of updating to 4.2, sites will update straight to WordPress 4.2.2 in order to keep your websites as secure as possible. For the complete schedule along with the expected release date, please see this article.
One final point to mention, is that anyone creating a fresh, new WordPress installation on our platform, can do so safe in the knowledge that they will be running the latest WordPress 4.2.2 update.