A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.
WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
For more information, see the release notes.
Download WordPress 4.2.1 or login into your wp-admin, Dashboard ? Updates and simply click “Update Now”.