{"id":1328,"date":"2015-09-16T00:22:37","date_gmt":"2015-09-15T15:22:37","guid":{"rendered":"https:\/\/jirak.net\/wp\/wordpress-4-3-1-security-and-maintenance-release-2\/"},"modified":"2018-02-27T00:25:10","modified_gmt":"2018-02-26T15:25:10","slug":"wordpress-4-3-1-security-and-maintenance-release-2","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/wordpress-4-3-1-security-and-maintenance-release-2\/","title":{"rendered":"WordPress 4.3.1 Security and Maintenance Release"},"content":{"rendered":"<div class=\"storycontent\">\n<p>WordPress 4.3.1 is now available. This is a<strong>\u00a0security release<\/strong>\u00a0for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n<p>This release addresses three issues, including two\u00a0cross-site scripting vulnerabilities and a potential privilege escalation.<\/p>\n<ul>\n<li>WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of <a href=\"http:\/\/checkpoint.com\/\">Check Point<\/a>.<\/li>\n<li>A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.<\/li>\n<li>Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).\u00a0Reported by Shahar Tal and Netanel Rubin of\u00a0<a href=\"http:\/\/checkpoint.com\/\">Check Point<\/a>.<\/li>\n<\/ul>\n<p>Our thanks to those who have practiced\u00a0<a href=\"https:\/\/make.wordpress.org\/core\/handbook\/testing\/reporting-security-vulnerabilities\/\">responsible disclosure<\/a>\u00a0of security issues.<\/p>\n<p>WordPress 4.3.1 also fixes twenty-six\u00a0bugs.\u00a0For more information, see the\u00a0<a href=\"https:\/\/codex.wordpress.org\/Version_4.3.1\">release notes<\/a>\u00a0or consult the\u00a0<a href=\"https:\/\/core.trac.wordpress.org\/log\/branches\/4.3\/?rev=34199&amp;stop_rev=33647\">list of changes<\/a>.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 4.3.1<\/a>\u00a0or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.<\/p>\n<\/div>\n<p>Thanks to everyone who contributed to 4.3.1:<\/p>\n<p><a href=\"https:\/\/profiles.wordpress.org\/adamsilverstein\">Adam Silverstein<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/afercia\">Andrea Fercia<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/azaozz\">Andrew Ozz<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/boonebgorges\">Boone Gorges<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/kraftbj\">Brandon Kraft<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/chriscct7\">chriscct7<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/extendwings\">Daisuke Takahashi<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dd32\">Dion Hulse<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/DrewAPicture\">Drew Jaynes<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dustinbolton\">dustinbolton<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/pento\">Gary Pendergast<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/hauvong\">hauvong<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/macmanx\">James Huff<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jeremyfelt\">Jeremy Felt<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jobst\">jobst<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/tyxla\">Marin Atanasov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/celloexpressions\">Nick Halsey<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/nikeo\">nikeo<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/nbachiyski\">Nikolay Bachiyski<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/swissspidy\">Pascal Birchler<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/figureone\">Paul Ryan<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/miqrogroove\">Robert Chapin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/otto42\">Samuel Wood<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/wonderboymusic\">Scott Taylor<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/SergeyBiryukov\">Sergey Biryukov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/tmatsuur\">tmatsuur<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/liljimmi\">Tracy Levesque<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/umeshnevase\">Umesh Nevase<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/vortfu\">vortfu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/welcher\">welcher<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/westonruter\">Weston Ruter<\/a><\/p>\n<p>Source: wordpress-news<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>WordPress 4.3.1 is now available. This is a\u00a0security release\u00a0for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two\u00a0cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team. Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).\u00a0Reported by Shahar Tal and Netanel Rubin of\u00a0Check Point. Our thanks to those who have practiced\u00a0responsible disclosure\u00a0of security issues. WordPress 4.3.1 also fixes twenty-six\u00a0bugs.\u00a0For more information, see the\u00a0release notes\u00a0or consult the\u00a0list of changes. Download WordPress 4.3.1\u00a0or venture over to Dashboard <a class=\"mh-excerpt-more\" href=\"https:\/\/jirak.net\/wp\/wordpress-4-3-1-security-and-maintenance-release-2\/\" title=\"WordPress 4.3.1 Security and Maintenance Release\">[ more&#8230; ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[395],"class_list":["post-1328","post","type-post","status-publish","format-standard","hentry","category-news","tag-wordpress"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/1328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=1328"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/1328\/revisions"}],"predecessor-version":[{"id":22577,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/1328\/revisions\/22577"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=1328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=1328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=1328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}