WordPress version 4.2.2 has been released by WordPress.org. This is a Critical Security Update that addresses three major security vulnerabilities and introduces fixes for 13 known bugs. Most importantly it fixes the HTML cross-site scripting vulnerability in the Genericicons font package used in a number of popular WordPress themes and plugins (including the default Twenty Fifteen theme) and two other cross-site scripting vulnerabilities that could enable anonymous users to compromise a site.

For more information, see the 4.2.2 Release Notes.

It is strongly suggested that you Download WordPress 4.2.2 or from your WordPress Dashboard go to Updates and simply click “Update Now.” Sites that are already on version 4.2 that support automatic background updates should automatically update to WordPress 4.2.2.