As we await the major release of WordPress 4.3, it has been discovered that WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability.
A Security and Maintenance Release Version has been released and it is highly recommended that you update to WordPress 4.2.3.
If you have automatic updates enabled, your site should have been updated by now. Those of you who don’t use automatic updating need to update your sites manually, and immediately.
The discovery was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site.
The WordPress team also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.
I highly recommend you secure your website by updating urgently.
Better safe than sorry.
Update by doing the following: sites that support automatic background updates are already beginning to update to WordPress 4.2.3. Otherwise, go to Dashboard → Updates and simply click “Update Now”. Another option is to download WordPress 4.2.3 here.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.
For more information about the update, you can read the release post on the WordPress blog.
Check out all the files revised on the 4.2.3 release page.
While we wait for WordPress 4.3 to be released, check out my article: What Can We Expect in WordPress 4.3? The article contains screenshots and descriptions of all the new or updated features.