WordPress 4.3.1 was made available on Tuesday, and users were strongly encouraged to update to the latest version of the popular content management system because it comes with fixes for a few security issues.
A post credited Shahar Tal and Netanel Rubin of Check Point with reporting how “WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714)” and that “in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).”
The post also credited Ben Bidner of the WordPress security team with identifying a “separate cross-site scripting vulnerability [that] was found in the user list table.”
WordPress 4.3.1 addresses an additional 26 bugs – the release notes and list of changes provided more details.