WordPress 4.2.4 has been released to address critical cross-site scripting and SQL injection vulnerabilities. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website.
Users and administrators are encouraged to review the WordPress security and maintenance release and apply the necessary updates.
Click here for more information