WordPress has announced and released a security update for all branches back to the 3.7.x branch.
The latest release fixes a trio of cross-site scripting (XSS) issues: XSS in Genericons, which is shipped with many themes and plugins; XSS caused by MySQL’s field length limit truncation; and XSS in TinyMCE during the transition between text and visual editors. This update will also fix other non-security issues.
As your Managed WordPress Platform, we are already updating customer sites, so sit back and relax, all sites will be updated in the next 24 hours. Customers will receive the appropriate release based on their current WordPress version branch. This release covers all version branches from 4.2.x back to 3.7.x and will be upgraded in accordance with our policy to automatically upgrade all sites when a security version is released. For more information on our WordPress upgrade process you can review our Support Garage Article Here. For information on the WordPress 4.2.x functional upgrade process click here.
We’re proud to serve you and keep your sites safe and secure.