Patch/Configuration Management, Vulnerability Management

WordPress 4.3.1 released, fixes three security issues

WordPress 4.3.1 was made available on Tuesday, and users were strongly encouraged to update to the latest version of the popular content management system because it comes with fixes for a few security issues.

A post credited Shahar Tal and Netanel Rubin of Check Point with reporting how “WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714)” and that “in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).”

The post also credited Ben Bidner of the WordPress security team with identifying a “separate cross-site scripting vulnerability [that] was found in the user list table.”

WordPress 4.3.1 addresses an additional 26 bugs – the release notes and list of changes provided more details.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.