Today, the WordPress team announced that they had been made aware of a cross-site scripting vulnerability, which could enable commentators to compromise a site.
WordPress 4.2.1 has begun to roll out as an automatic background update for websites that support this feature. However, other websites will need us to manually update their version of WordPress to 4.2.1.
WordPress 4.2.1 is a critical security release and M35 Web Design strongly encourages all clients to update their sites immediately.
We are contacting clients who have WordPress sites if we need to update to WP version 4.2.1 for them.