WordPress released Version 4.3.1 Yesterday Sep 15, 2015, hopefully everyone, by now, has their WordPress installations set to automatically upgrade however for those that are still manually updating you will want to immediately upgrade your WordPress installation.
Quote:
This release includes three vulnerabilities:
WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
Cross-site Scripting Vulnerability was found in the user list table.
Users without proper permissions could publish private posts and make them sticky (CVE-2015-5715)
|
More details on this security release can be found here:
https://wordpress.org/news/2015/09/wordpress-4-3-1/
Even if you have your WordPress application set to update automatically you will want to check and verify it has been updated from your WordPress dashboard.
If you do not have WordPress set to update automatically here are instructions, and options, for Auto updating.
https://codex.wordpress.org/Configur...ground_Updates
As always FutureQuest encourages anyone running any scripts, such as
WordPress, to ensure they maintain the most up to date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
Linear Mode
