WordPress 4.2.1, which was released a few days after 4.2 on April 27th 2015 addresses a critical security issue in WordPress. This XSS vulnerability existed since quite some time, but it was discovered recently. In the Security Release by WordPress it says:
A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.
An attacker was able to compromise the admin account by using a stored cross site scripting attack vector using the comment functionality. Respectively quick the problem was solved and the new version 4.2.1 released.
Photo Credit: Colin / Wikimedia Commons / CC-BY-SA-4.0