WordPress Security Release 4.2.4

WordPress has released version 4.2.4. This security release fixes 3 cross-site-scripting (XSS) vulnerabilities and a possible SQL injection exploit.

In addition the update also fixes a few general bugs in the software:

  • A fix for characters not being saved correctly when a non-standard database┬ácollation is used
  • A fix for the core not type-checking directory listings using glob()
  • A fix for shortcodes not working when they are added at the beginning of an HTML element (e.g. [crayon lang=”html” inline=”true” decode=”true”]<[my-shortcode …] >[/crayon])
  • A fix for shortcodes removing line returns inside of CDATA content blocks

WordPress is the open-source blogging and publishing software originally developed by Autoattic who handed off the software and copyrights to the WordPress Foundation, a charitable organization the supports WordPress and related plugins.