{"id":3914,"date":"2015-09-15T15:22:37","date_gmt":"2015-09-15T15:22:37","guid":{"rendered":"http:\/\/wordpress.org\/news\/?p=3914"},"modified":"2022-11-18T22:53:52","modified_gmt":"2022-11-18T22:53:52","slug":"wordpress-4-3-1","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2015\/09\/wordpress-4-3-1\/","title":{"rendered":"WordPress 4.3.1 Security and Maintenance Release"},"content":{"rendered":"<div class=\"storycontent\">\n<p>WordPress 4.3.1 is now available. This is a<strong>\u00a0security release<\/strong>\u00a0for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n<p>This release addresses three issues, including two\u00a0cross-site scripting vulnerabilities and a potential privilege escalation.<\/p>\n<ul>\n<li>WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of <a href=\"http:\/\/checkpoint.com\/\">Check Point<\/a>.<\/li>\n<li>A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.<\/li>\n<li>Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).\u00a0Reported by Shahar Tal and Netanel Rubin of\u00a0<a href=\"http:\/\/checkpoint.com\/\">Check Point<\/a>.<\/li>\n<\/ul>\n<p>Our thanks to those who have practiced\u00a0<a href=\"https:\/\/make.wordpress.org\/core\/handbook\/testing\/reporting-security-vulnerabilities\/\">responsible disclosure<\/a>\u00a0of security issues.<\/p>\n<p>WordPress 4.3.1 also fixes twenty-six\u00a0bugs.\u00a0For more information, see the\u00a0<a href=\"https:\/\/codex.wordpress.org\/Version_4.3.1\">release notes<\/a>\u00a0or consult the\u00a0<a href=\"https:\/\/core.trac.wordpress.org\/log\/branches\/4.3\/?rev=34199&amp;stop_rev=33647\">list of changes<\/a>.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 4.3.1<\/a>\u00a0or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.<\/p>\n<\/div>\n<p>Thanks to everyone who contributed to 4.3.1:<\/p>\n<p><a href=\"https:\/\/profiles.wordpress.org\/adamsilverstein\/\">Adam Silverstein<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/afercia\/\">Andrea Fercia<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/azaozz\/\">Andrew Ozz<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/boonebgorges\/\">Boone Gorges<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/kraftbj\/\">Brandon Kraft<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/chriscct7\/\">chriscct7<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/extendwings\/\">Daisuke Takahashi<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dd32\/\">Dion Hulse<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\/\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/DrewAPicture\/\">Drew Jaynes<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dustinbolton\/\">dustinbolton<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/pento\/\">Gary Pendergast<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/hauvong\/\">hauvong<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/macmanx\/\">James Huff<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jeremyfelt\/\">Jeremy Felt<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jobst\/\">jobst<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/tyxla\/\">Marin Atanasov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/celloexpressions\/\">Nick Halsey<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/nikeo\/\">nikeo<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/nbachiyski\/\">Nikolay Bachiyski<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/swissspidy\/\">Pascal Birchler<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/figureone\/\">Paul Ryan<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\/\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/miqrogroove\/\">Robert Chapin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/otto42\/\">Samuel Wood<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/wonderboymusic\/\">Scott Taylor<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/SergeyBiryukov\/\">Sergey Biryukov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/tmatsuur\/\">tmatsuur<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/liljimmi\/\">Tracy Levesque<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/umeshnevase\/\">Umesh Nevase<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/vortfu\/\">vortfu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/welcher\/\">welcher<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/westonruter\/\">Weston Ruter<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 4.3.1 is now available. This is a\u00a0security release\u00a0for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two\u00a0cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by [&hellip;]<\/p>\n","protected":false},"author":12560283,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,15],"tags":[178,437],"class_list":["post-3914","post","type-post","status-publish","format-standard","hentry","category-releases","category-security","tag-4-3","tag-minor-releases"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-118","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=3914"}],"version-history":[{"count":10,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3914\/revisions"}],"predecessor-version":[{"id":13947,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3914\/revisions\/13947"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wporg\/v1\/users\/samuelsidler"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=3914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=3914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=3914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}