WordPress 4.2.3 is now available. This update addresses a cross-site scripting vulnerability and contains fixes for 20 bugs found in 4.2. Users are urged to update their sites immediately.
You can download WordPress 4.2.3 directly here, or navigate to Dashboard > Updates, and click “Update Now.”
The XSS vulnerability, reported by Jon Cave, allows users with the Contributor or Author user role to potentially compromise a site. Another issue was identified and addressed in this update “where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.”
You can view the full list bugs addressed in this update here.