Another 'critical' upgrade for WordPress

Among new vulnerabilities patched in Wordpress 4.2.4 is CVE-2015-2213, an SQL injection vulnerability in Wordpress Comments that lets attackers “execute arbitrary SQL commands on the affected system” rated by Check Point Software technologies as “critical”.

There is also a side-channel attack identified by researcher Johannes Schmitt of Scrutinizer and a bug found by Mohamed Baset that enables attackers to lock posts.

The last upgrade, to Wordpress 4.2.3, was just weeks ago, on 24 July, following an XSS vulnerability.