WordPress has warned users of a “cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site” and urged all users “to update your sites immediately.”
The patch comes in the form of WordPress 4.2.3, which fixes the XSS problem and plenty more besides. One of the newly squished bugs is described as “an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.”
All YVS WordPress sites for clients have been updated automatically for this issue, and there should be no problems. Access to these sites is strictly controlled by complex login passwords and a WordPress security plug-in known as iThemes, which alerts us to any activity related to logging in or changing files. YVS always sets up a backup log-in for each website to avoid being locked out by brute-force attacks.