WordPress 4.2.2 is now available for download. This is a critical security release for all previous versions.What’s new in this release?
The Genericons icon font package contained an HTML file vulnerable to a cross-site scripting attack. All
affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it.
WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability.
Hardening for a potential cross-site scripting vulnerability when using the visual editor.