WordPress 4.3.1 released, fixes three security issues
WordPress 4.3.1 was made available on Tuesday, and users were strongly encouraged to update to the latest version of the popular content management system because it comes with fixes for a few security issues.
A post credited Shahar Tal and Netanel Rubin of Check Point with reporting how “WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714)” and that “in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).”
The post also credited Ben Bidner of the WordPress security team with identifying a “separate cross-site scripting vulnerability [that] was found in the user list table.”
This article was first published in our sister publication SC Magazine.