Shortly after this article was posted, WordPress released version 4.2.1, flagging it as a critical update. Website owners are encouraged to update immediately, and automatic updates have started to roll out. More information is here.

However, the release advisory from WordPress still suggests that no prior notification was received from Klikki Oy, something the research firm disputes.

The link for this article located at CSO Online is no longer available.