Note: 4.2.2 has been released to address
IMPORTANT: WordPress 0-Day Vulnerability
This is an urgent security notification concerning those who have sites built on the WordPress platform.
A critical cross-site-scripting (XSS) vulnerability of the WordPress core engine has been announced recently. The vulnerability affects all WordPress versions including the most recent major release (4.2) and has reportedly been fixed in minor security release 4.2.1.
That being said, we strongly recommend updating your WordPress scripts to the most recent version (4.2.1) as soon as possible. This version is already available for automatic update via Softaculous Auto Installer, which is present by default on all our shared and reseller hosting servers and can be accessed through your cPanel account.
When performing the update, we recommend you follow WordPress script update instructions in the Official WordPress Codex at https://codex.wordpress.org/
In addition, we would like to remind you about general security rules, which should be followed regularly: https://www.namecheap.com/