We encourage all of our clients who uses the popular web-based blogging tool WordPress to update the soonest. This is in relation to the discovery of a security flaw in versions 4.2.2 and earlier.
Users on the said versions allow cross-site scripting to take over the site even with a contributor or author role. The cross-site scripting (XSS) attacks allow a script kiddie or hacker or any malicious users to embed malicious code in a website's own coding system. Credit to the internal members of WordPress' security team who discovered the flaw.
Update Now! The said update also fixes a total of 20 flaws, including one where it "was possible for a user with Subscriber permissions to create a draft through Quick Draft."
Your Technical Support Team!