WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. The release also fixes an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.
Read more here – https://wordpress.org/news/2015/07/wordpress-4-2-3/