WordPress has gotten a new update. WordPress 4.2.3 is now available. This is a critical security release for all previous versions, it’s strongly recommended that you update your sites immediately to this release to make sure your website is secured.
There are a couple of main security fixes in this release:
WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site.
Also there is a fix for an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.