The four bugs that can lead to a website compromise include a SQL injection vulnerability and three cross-site scripting (XSS) flaws. Tuesday’s release of WordPress 4.2.4 addresses each of them. This new update also fixes a bug that allowed an attacker to lock a post from being edited, as well as a flaw that could enable a potential timing side-channel attack. Additionally, the update addresses four bugs in WordPress 4.2.3. Continue reading about this update here.