WordPress 4.2.4 is now available for download and upgrade.
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress 4.2.4 addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.
Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.