Title: Version 4.2.16
Author: Subrata Sarkar
Published: February 22, 2019

---

# Version 4.2.16

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-2-16/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-4-2-16/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-2-16/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-4-2-16/?output_format=md#wp--skip-link--target)

On 19 Sep, 2017, WordPress 4.2.16 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-2-16/?output_format=md#installation-update-information)󠁿

To download WordPress 4.2.16, update automatically from the Dashboard > Updates 
menu in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 *  [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 *  [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/?output_format=md)
 *  [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/?output_format=md)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 *  [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/?output_format=md)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-4-2-16/?output_format=md#summary)󠁿

From the [WordPress 4.8.2 release post](https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/):
WordPress versions 4.8.1 and earlier are affected by nine security issues:

 1.  `$wpdb->prepare()` can create unexpected and unsafe queries leading to potential
     SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
     but we’ve added hardening to prevent plugins and themes from accidentally causing
     a vulnerability. Reported by [Slavco](https://hackerone.com/slavco).
 2.  A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery.
     Reported by xknown of the WordPress Security Team.
 3.  A cross-site scripting (XSS) vulnerability was discovered in the visual editor.
     Reported by [Rodolfo Assis (@brutelogic)](https://twitter.com/brutelogic) of Sucuri
     Security.
 4.  A path traversal vulnerability was discovered in the file unzipping code. Reported
     by [Alex Chapman (noxrnet)](https://hackerone.com/noxrnet).
 5.  A cross-site scripting (XSS) vulnerability was discovered in the plugin editor.
     Reported by 陈瑞琦 (Chen Ruiqi).
 6.  An open redirect was discovered on the user and term edit screens. Reported by
     [Yasin Soliman (ysx)](https://hackerone.com/ysx).
 7.  A path traversal vulnerability was discovered in the customizer. Reported by Weston
     Ruter of the WordPress Security Team.
 8.  A cross-site scripting (XSS) vulnerability was discovered in template names. Reported
     by [Luka (sikic)](https://hackerone.com/sikic).
 9.  A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported
     by [Anas Roubi (qasuar)](https://hackerone.com/qasuar).

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-2-16/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    readme.html
    wp-admin/about.php
    wp-admin/includes/class-wp-plugins-list-table.php
    wp-admin/includes/file.php
    wp-admin/includes/template.php
    wp-admin/plugin-editor.php
    wp-admin/plugins.php
    wp-admin/theme-editor.php
    wp-admin/user-edit.php
    wp-includes/js/mce-view.js
    wp-includes/js/mce-view.min.js
    wp-includes/js/wplink.js
    wp-includes/js/wplink.min.js
    wp-includes/script-loader.php
    wp-includes/version.php
    wp-includes/wp-db.php
    ```

First published

February 22, 2019

Last updated