http://hackingdude.com/2015/04/29/wordpress-zero-day-vulnerability/
Most of the time, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time a Finnish security researcher has discovered a critical zero-day vulnerability in the core engine of the WordPress content management system.I thought I'd post about this since the vulnerability is a bit unusual. I also though it was a bit unusual that Wordpress reportedly ignored a previous vulnerability that the researcher reported to them. Wordpress has a responsibility to it's users and for them to purposefully ignore such a discovery is wrong, in my opinion.
So, if you've Wordpress CMSs that you administer, I'd advise you to upgrade to v4.2.1 (I did a few days ago).
