Six WordPress security bugs fixed in version 4.2.4
Ten bugs have been fixed with this release, six of them security-related and quite dangerous if left unattended.
Four of these bugs were reported by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov, a member of the HackerOne bug hunting program.
Additionally, Mohamed A. Baset discovered an issue that allowed attackers to lock posts indefinitely, preventing future edits to the site’s blog content.
Last but not least, Johannes Schmitt of Scrutinizer found a timing side-channel attack vector that would allow attackers to analyze the time it took cryptographic algorithms to execute their routines.
To upgrade your WordPress installation, just go to the backend panel, in the Dashboard -> Updates section, and press the “Update Now” button.
If your site holds sensitive information, don’t forget to make a backup before triggering the update.