WordPress 4.3.1 is now available.

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress 4.3.1 addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). A separate cross-site scripting vulnerability was found in the user list table. Discovered by Ben Bidner of the WordPress security team. Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).

WordPress 4.3.1 also fixes 26 bugs from 4.3.

Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.

For more information, see the release notes or consult the list of changes.

Official link :[ https://wordpress.org/news/2015/09/wordpress-4-3-1/ ]


Sunday, September 20, 2015

« Back