WordPress released a security update, WordPress 4.2.4, on Tuesday that addresses six security vulnerabilities, four of which can be exploited by an attacker to compromise a website.
Among the four bugs that can lead to a website compromise are a SQL injection vulnerability and three cross-site scripting (XSS) flaws, a Tuesday release indicated.
In an advisory, security firm Check Point deemed the SQL injection vulnerability - CVE-2015-2213 - critical in severity, and noted, “Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.”
The update also fixes a bug that allowed an attacker to lock a post from being edited, as well as a flaw that could enable a potential timing side-channel attack. Additionally, the update addresses four bugs in WordPress 4.2.3.