Title: Version 4.2.13
Author: Subrata Sarkar
Published: February 22, 2019

---

# Version 4.2.13

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-2-13/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-4-2-13/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-2-13/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-4-2-13/?output_format=md#wp--skip-link--target)

On March 6, 2017, WordPress 4.2.13 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-2-13/?output_format=md#installation-update-information)󠁿

To download WordPress 4.2.13, update automatically from the Dashboard > Updates 
menu in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 *  [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 *  [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/?output_format=md)
 *  [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/?output_format=md)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 *  [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/?output_format=md)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-4-2-13/?output_format=md#summary)󠁿

From the [WordPress 4.7.3 release post](https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/):
WordPress versions 4.7.2 and earlier are affected by six security issues:

 1. Cross-site scripting (XSS) via media file metadata. Reported by [Chris Andrè Dale](https://www.securesolutions.no/),
    [Yorick Koster](https://twitter.com/yorickkoster), and Simon P. Briggs.
 2. Control characters can trick redirect URL validation. Reported by [Daniel Chatfield](http://www.danielchatfield.com/).
 3. Unintended files can be deleted by administrators using the plugin deletion functionality.
    Reported by [xuliang](http://b.360.cn/).
 4. Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by [Marc Montpas](https://twitter.com/marcs0h).
 5. Cross-site scripting (XSS) via taxonomy term names. Reported by [Delta](https://profiles.wordpress.org/deltamgm2/).
 6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server
    resources. Reported by Sipke Mellema.

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-2-13/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    readme.html
    wp-admin/about.php
    wp-admin/plugins.php
    wp-admin/includes/media.php
    wp-admin/includes/class-wp-press-this.php
    wp-includes/version.php
    wp-includes/pluggable.php
    wp-includes/media.php
    ```

First published

February 22, 2019

Last updated