WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen .
WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.