WordPress 4.2.4 came out with huge security hole fixed and this is just a security release for all the former versions and it’s highly advisable to go ahead and update your WordPress core to 4.2.4 from any of your older version in case if you don’t have automatic update activated in your admin. This release of 4.2.4 is fixed the critical issue known as cross-site scripting vulnerabilities and it’s a type of computer security vulnerability as it enables attackers to inject client-side script and it can be used to bypass access controls. You know with the help of this vulnerability they can quite easily change your source code and can do lot of damages.
The other critical issue that was fixed in 4.2.4 is known as SQL injection, here attackers embed commands in a URL that trigger behaviors from the database. (SQL is the command language used by the MySQL database.) These attacks can reveal sensitive information about the database, potentially giving hackers entrance to modifying the actual content of your site. Many of today’s web site defacement attacks are accomplished by some form of SQL Injection.
And apart from cross-site scripting & SQL injects, several other bugs have also been fixed. So at Themesfinity we strictly recommend to give higher priority towards security of your WordPress site and try to minimize the hackers to taking over our site so that they can distribute their malware and never knows Google will blacklist your website for this purpose.