WordPress 4.2.3 is now available and as this is a critical security release for all previous versions, we strongly encourage you to update your sites immediately.
WordPress versions 4.2.3 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site. It also fixes an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.
In addition to these two important issues, WordPress 4.2.3 also contains fixes for 20 bugs from 4.2
Sites that support automatic background updates have already started to be upgraded automatically and if your site doesnt already support this feature then we STRONGLY advise you to enable it. Otherwise you need to go to the Dashboard / Updates area and click “Update Now.”