WordPress team had released a security update just few days ago. Yesterday they have released another security update and WordPress 4.2.4 is now available.
WordPress 4.2.4 is now available. This is a security release for all previous versions and It is strongly recommended you to update your sites immediately to latest version.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. It also includes a fix for a potential timing side-channel attack. WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.
If your installation supports automatic updates, your website should be upgraded to latest version automatically. You can also upgrade your installation from your WordPress admin area. Just go to Dashboard -> Updates and simply click “Update Now”.