The latest version of WordPress 4.2.2 addresses two security issues related to Genericons font package and cross-site scripting vulnerability.
WordPress, an open source content management system has once again updated its version to 4.2.2 due to critical security issues with the last release. WordPress 4.2 had some shortcomings within the code and this lead to security loopholes. Techies from all over the world found security issues and reported to the core development team and hence the latest release. IDS Logic a leading software development company with offices in the UK and India is excited with such great list of improvements.
Released on May 7th this year, the updated version of WordPress contains important security fixes for problems with the Genericons font package and cross site scripting (XSS) vulnerability. Reported by Robert Abela of Netsparker, the problems affect a number of popular themes and plugins that also includes WordPress default theme Twenty Fifteen.
Genericons are used in numerous popular themes and plugins that contain an HTML file that is vulnerable to cross site scripting attack. All the affected themes have been addressed by removing this nonessential file. The update version recursively scans the wp-content directory for this file and removes it.
Another issue that 4.2.2 addresses, is the cross-site scripting attack that enables anonymous users to compromise a site. This means that a hacker can change the logged user’s password and cancel the session while maintaining his access. Besides these, the version also provides fixes for 13 bugs from 4.2 that include emoji loading error on IE 9 and 10, keyboard shortcut for saving from Visual editor on Mac and many more.
It is recommended that all the sites update their plugins and themes to the latest version to remain safe from any security attacks.