A security release has been issued from WordPress:
WordPress 4.3.1 Security and Maintenance Release (wordpress.org)
WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.
- WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
- A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
- Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.
All of our clients running WordPress need to upgrade.
Our Website Maintenance Department will be in contact with you regarding these upgrades. Clients that have signed up for our Automatic WordPress Update Program will get their website updated promptly.
View the complete list of WordPress versions here.
Read more about why WordPress updates are important.
-Tony
