WordPress.org

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 4.2.4

On August 4, 2015, WordPress 4.2.4 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 4.2.4, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, WordPress 4.2.4 fixes three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site (CVE-2015-2213).

It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

In addition to the security fixes, WordPress 4.2.4 contains fixes for 4 bugs from 4.2.3, including:

  • FIX - WPDB: When checking the encoding of strings against the database, make sure we're only relying on the return value of strings that were sent to the database. #32279
  • FIX - Don't blindly trust the output of glob() to be an array. #33093
  • FIX - Shortcodes: Handle do_shortcode('<[shortcode]') edge cases. #33116
  • FIX - Shortcodes: Protect newlines inside of CDATA. #33106

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/includes/class-wp-upgrader.php
wp-admin/includes/post.php
wp-admin/includes/update-core.php
wp-admin/js/nav-menu.js
wp-admin/js/nav-menu.min.js
wp-admin/post.php
wp-includes/class-wp-customize-widgets.php
wp-includes/class-wp-embed.php
wp-includes/default-widgets.php
wp-includes/formatting.php
wp-includes/l10n.php
wp-includes/post.php
wp-includes/shortcodes.php
wp-includes/theme.php
wp-includes/version.php
wp-includes/wp-db.php
See also: other WordPress Versions.