WordPress 4.2.4 is available and patches six security vulnerabilities. The vulnerabilities were discovered by outside parties and members of the WordPress core security team. This release also fixes four bugs:
- WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database. #32279
- Don’t blindly trust the output of glob() to be an array. #33093
- Shortcodes: Handle do_shortcode('<[shortcode]') edge cases. #33116
- Shortcodes: Protect newlines inside of CDATA. #33106
List of Files Revised
- readme.html
- wp-admin/about.php
- wp-admin/includes/class-wp-upgrader.php
- wp-admin/includes/post.php
- wp-admin/includes/update-core.php
- wp-admin/js/nav-menu.js
- wp-admin/js/nav-menu.min.js
- wp-admin/post.php
- wp-includes/class-wp-customize-widgets.php
- wp-includes/class-wp-embed.php
- wp-includes/default-widgets.php
- wp-includes/formatting.php
- wp-includes/l10n.php
- wp-includes/post.php
- wp-includes/shortcodes.php
- wp-includes/theme.php
- wp-includes/version.php
- wp-includes/wp-db.php