WordPress has announced the release 4.2.3 version of security as all previous versions, urges WordPress users who have installed on their servers to update to this latest version right away, something that can be done directly from the section Updates panel to manage their WordPress installations, but those sites that support automatic background updates are beginning to receive the new version.
The reason that calls for them to be updated is because the new version fixes a critical vulnerability that allows engaging sites by injecting code and affect users.
Precisely, said that WordPress versions 4.2.2. and earlier are affected by a vulnerability to cross-site scripting that allow users to roles of partners or compromise a site authors. Besides this vulnerability, one that will allow any user with permission to create drafts subscription through Quick Draft is also corrected.
The new version of WordPress also fixes 20 bugs found in version 4.2, which are mentioned in the list of updates for the new version. Since WordPress thank the sources found vulnerabilities have been responsible and have come in contact with the team internally to solve security problems.