WordPress has just released a critical security update to the current stable branch of WordPress.
The latest release fixes a trio of cross-site scripting (XSS) issues: XSS in Genericons, which is shipped with many themes and plugins; XSS caused by MySQL’s field length limit truncation; and XSS in TinyMCE during the transition between text and visual editors. This update will also fix other non-security issues.
More information is available in this blog post on WordPress.org.
As a WP Engine customer, you do not have to take any action–we’ve got you covered. Our technical team is working to auto-update all sites hosted with WP Engine to WordPress 4.1.5. We will continue to follow our regular 4.2 upgrade plan, as outlined here, and replace 4.2.1 with the newly-patched version, 4.2.2.
Please keep in mind that this security update only fixes specific security vulnerabilities. It should not impact any custom code in your plugins or themes.
As always, thank you for choosing WP Engine and entrusting us with your WordPress sites.
Guy I like you most for your wordpress automation. After moving to you my site speed increased even get more security optimization for free.