{"id":3807,"date":"2015-07-23T11:21:10","date_gmt":"2015-07-23T11:21:10","guid":{"rendered":"http:\/\/wordpress.org\/news\/?p=3807"},"modified":"2022-11-18T22:53:52","modified_gmt":"2022-11-18T22:53:52","slug":"wordpress-4-2-3","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2015\/07\/wordpress-4-2-3\/","title":{"rendered":"WordPress 4.2.3 Security and Maintenance Release"},"content":{"rendered":"<p>WordPress 4.2.3 is now available. This is a<strong>\u00a0security release<\/strong> for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n<p>WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role\u00a0to compromise a site. This was initially reported by <a href=\"https:\/\/profiles.wordpress.org\/duck_\/\">Jon Cave<\/a>\u00a0and fixed by\u00a0<a href=\"http:\/\/www.miqrogroove.com\/\">Robert Chapin<\/a>, both\u00a0of the WordPress security team, and later reported by\u00a0<a href=\"http:\/\/klikki.fi\/\">Jouko Pynn\u00f6nen<\/a>.<\/p>\n<p>We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from <a href=\"https:\/\/www.checkpoint.com\/\">Check Point Software Technologies<\/a>.<\/p>\n<p>Our thanks to those who have practiced <a href=\"https:\/\/make.wordpress.org\/core\/handbook\/reporting-security-vulnerabilities\/\">responsible disclosure<\/a> of security issues.<\/p>\n<p>WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the <a href=\"https:\/\/codex.wordpress.org\/Version_4.2.3\">release notes<\/a> or consult the <a href=\"https:\/\/core.trac.wordpress.org\/log\/branches\/4.2?rev=33382&amp;stop_rev=32430\">list of changes<\/a>.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 4.2.3<\/a> or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.<\/p>\n<p>Thanks to everyone who contributed to 4.2.3:<\/p>\n<p><a href=\"https:\/\/profiles.wordpress.org\/jorbin\/\">Aaron Jorbin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/nacin\/\">Andrew Nacin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/azaozz\/\">Andrew Ozz<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/boonebgorges\/\">Boone Gorges<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/chriscct7\/\">Chris Christoff<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dd32\/\">Dion Hulse<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\/\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/iseulde\/\">Ella Iseulde Van Dorpe<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/gabrielperezs\/\">Gabriel P\u00e9rez<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/pento\/\">Gary Pendergast<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mdawaffe\/\">Mike Adams<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/miqrogroove\/\">Robert Chapin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/nbachiyski\/\">Nikolay Bachiyski<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/magicroundabout\/\">Ross Wintle<\/a>, and <a href=\"https:\/\/profiles.wordpress.org\/wonderboymusic\/\">Scott Taylor<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 4.2.3 is now available. This is a\u00a0security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role\u00a0to compromise a site. This was initially reported by Jon Cave\u00a0and [&hellip;]<\/p>\n","protected":false},"author":2004385,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,15],"tags":[164,437],"class_list":["post-3807","post","type-post","status-publish","format-standard","hentry","category-releases","category-security","tag-4-2","tag-minor-releases"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-Zp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/users\/2004385"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=3807"}],"version-history":[{"count":9,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3807\/revisions"}],"predecessor-version":[{"id":13948,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3807\/revisions\/13948"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=3807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=3807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=3807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}