WordPress Patched Zero Day XSS Vulnerability With New 4.2.1 Security Release.
WordPress 4.2.1 version is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.
WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.
What is Cross Site Scripting (XSS)?
'XSS' also known as 'CSS' - Cross Site Scripting. It is a very common vulnerability
found in Web Applications, 'XSS' allows the attacker to INSERT malicous code, There are many types of XSS attacks.
Read more here about Cross Site Scripting with Example.
WordPress clients can likewise briefly disable remarks meanwhile until the patch has been issued by the WordPress security group.
Source: Wordpress