Skip to main content
PricingFeaturesAboutContactBlog
Log in
PricingFeaturesAboutContactBlogLog in

WordPress 4.2.2 Maintenance and Security Release

Dave Matthews
Categories
Security
Post Date
May 7th, 2015

WordPress 4.2.2 is available for download, which is a maintenance and security release for all previous version of the core software. The new version fixes several bugs found in version 4.2, and addresses a high-risk XSS vulnerability in the popular Genericons icons pack, used by hundreds of themes and plugins.

WordPress 4.2.2 Security and Maintenance Release

The Genericons XSS vulnerability has been recently disclosed by Sucuri. WordPress 4.2.2 searches for the vulnerable example.html file in the themes and plugins folders, and removes them if found. Just to be safe recommend searching for the example.html file and deleting it in other folders as well, especially if you have the bad habit of “backing up” themes or plugins by copying the entire folder under a new name, such as “plugins-backup.”

All Pressjitsu instances have been upgraded to WordPress 4.2.2 automatically. We also scanned the entire web root directory on all hosts, and removed any Genericons example.html file lying around, so you should be covered.

A full list of changes in version 4.2.2 can be found in the core bug tracker. If you have any questions, please don’t hesitate to open a support request.


Ready-to-use expert knowledge right in your inbox
Sign up here for our weekly newsletter to get WordPress tips from industry experts.