WordPress 4.2.2 Maintenance and Security Release
WordPress 4.2.2 is available for download, which is a maintenance and security release for all previous version of the core software. The new version fixes several bugs found in version 4.2, and addresses a high-risk XSS vulnerability in the popular Genericons icons pack, used by hundreds of themes and plugins.
The Genericons XSS vulnerability has been recently disclosed by Sucuri. WordPress 4.2.2 searches for the vulnerable example.html file in the themes and plugins folders, and removes them if found. Just to be safe recommend searching for the example.html file and deleting it in other folders as well, especially if you have the bad habit of “backing up” themes or plugins by copying the entire folder under a new name, such as “plugins-backup.”
All Pressjitsu instances have been upgraded to WordPress 4.2.2 automatically. We also scanned the entire web root directory on all hosts, and removed any Genericons example.html file lying around, so you should be covered.
A full list of changes in version 4.2.2 can be found in the core bug tracker. If you have any questions, please don’t hesitate to open a support request.