WordPress has released its latest patch that fixes security issues. This is due to a report coming from a security firm discovering vulnerability with the blogging platforms.

The Online publishing platform WordPress has released a patch update for critical security issues and Samuel Sidler from WordPress said that version 4.2.2 of the publishing platform is now available.

Like Us on Facebook

According to WordPress, the version 4.2.2 addresses two security issues. The first one is an HTML file in the Genericons icon font package that is vulnerable to a cross-site scripting attack. The affected plugins and themes have been updated as well.

Lastly, the WordPress 4.2.2 has addressed the issues on version 4.2 by a critical cross-site scripting vulnerability. The patch includes hardening for a potential cross-site scripting vulnerability when using the visual editor.

Moreover, the WordPress patch brings fixes for 13 bugs from the 4.2.1 and these are the following: emoji loading error in IE9 and IE10, embed for YouTube URLs to always expect https, keyboard shortcut for saving from the Visual editor on Mac, a bug allowing queries to reference tables in the dbname.tablename format, how WordPress checks for encoding when sending strings to MySQL, a bug where attachment URLs were incorrectly being forced to use https in some contexts, issue with trying to change the wrong index in the wp_signups table on utf8mb4 conversion, Improves performance of loop detection in _get_term_children()and Lowers memory usage for a regex checking for UTF-8 encoding.

To download the WordPress 4.2.2, go to updates and click the "Update Now," while sites which have a support on an automatic background updates are beginning to receive the update.

Meanwhile, MSN reported that Sucuri, a security firm, are the ones who has found out the vulnerability in the WordPress, which leaves the user's site to open to attack.

It affects the TwentyFifteen theme and the JetPack plugin that has over million installations. If the hacker has tricked the user to click a certain website or a link, they can control the user's WordPress site.

The site added that it can be fixed by removing the "example.html" file in any genericons in the user's WordPress installation.

TagsWordPress 4.2.2, WordPress 4.2, update, patch, WORDPRESS