A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.
WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
Download WordPress 4.2.1 or venture over to Dashboard ? Updates and simply click “Update Now”.
Reposted from Wordpress.org