WordPress Security Update Issued - Powered by Macintosh Electronics Ltd Help Desk Software

News

Posted by Karl @ Macintosh Electronics Ltd Help Desk on 16 September 2015 10:14 am

WordPress Security Update Issued

An update for WordPress was just released to address various security vulnerabilities and it is recommended that you update as soon as possible.

Official Link:

https://wordpress.org/news/2015/09/wordpress-4-3-1/

WordPress 4.3.1 Security and Maintenance Release

Posted September 15, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.

Help Desk Software by Macintosh Electronics Ltd