WordPress 4.3.1 is now available. This is a an important security notice affecting all previous versions of WordPress and we strongly encourage you to update your sites immediately.
Being proactive in the protection of your site is of one of the most important aspects of having a solid web site security policy.
This release includes three vulnerabilities:
- WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
- Cross-site Scripting Vulnerability was found in the user list table.
- Users without proper permissions could publish private posts and make them sticky (CVE-2015-5715)
More details on this security release can be found here:
WordPress 4.3.1 Security and Maintenance Release
WordPress 4.3.1 Security and Maintenance Release
If your web site is powered by WordPress, please upgrade it ASAP, here is the procedure we recommend:
1- Backup your Hosting account using your account’s Plesk Panel Backup Manager
2- Upgrade WordPress. There are 2 ways of doing that:
- If you installed WordPress from the Plesk Panel Applications tab, you can upgrade it from the Panel
- If you installed WordPress yourself, login to your WordPress Admin Dashboard and upgrade it from there
3- Check that everything is working.
4- Backup your upgraded installation as a precaution.