A new version of WordPress (4.3.1) is available for immediate download and installation. This is a version security for all previous versions and direct is recommended information of software.
This version addresses three security issues, including two vulnerabilities cross-site scripting and a possible privilege escalation.
Όλες οι παλαιότερες εκδόσεις του WοrdPress από την 4.3 είναι ευάλωτες σε μια cross-site scripting ευπάθεια κατά την επεξεργασία των ετικετών shortcode (CVE-2015 - 5.714). Αναφέρθηκαν από τον Shahar Tal και Netanel Rubin της Check Point.
A separate cross-site scripting vulnerability was found in the user list table. Reported by her Ben Bidner teamWordPress Security.
Finally, in some cases, users without the right permissions could publish private messages (CVE-2015 to 5715). They were mentioned by Shahar Tal and Netanel Rubin Check Point.
WordPress 4.3.1 also corrects twenty-six bugs. For more information, see them release notes or consult list of changes.
