Just in case you missed the notification on your WordPress admin dashboard or via email, WordPress 4.3.1 security and maintenance release was made available earlier today. I found out about the update while checking my email this morning.
WordPress 4.3.1 is a security release for all previous versions and everyone is strongly advised to upgrade ASAP. This version fixes three security issues that includes a couple of XSS (cross-site scripting) vulnerabilities and a potential privilege escalation (act of exploiting a software bug or design flaw in order to gain elevated access to resources that are normally protected from an application or user, thus allowing unauthorized actions).
- WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
- A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
- Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.
If you haven’t upgraded your WordPress installation, please do so immediately. Those who have enabled automatic updates don’t need to do anything. To update manually, you can do it by logging in to the WordPress admin dashboard and going to Dashboard > Updates then clicking on “Update Now“. Users could also do it by downloading the WordPress 4.3.1 installation zip file and uploading it via a FTP client.
Please remember that to avoid any conflicts, issues or problems with the upgrade process, make sure that you do the following: backup your WordPress database, backup the wp-content folder, wp-config.php file, .htaccess file and other custom files and then deactivate all active plugins.
I did the upgrade earlier today and everything went smoothly and haven’t noticed any issues so far running WordPress 4.3.1.
Anyone else upgraded to the WordPress 4.3.1 security and maintenance release? Did you experience any issues, conflicts or problems during the upgrade process? Please share your thoughts by leaving a comment below.