Hello everyone! I hope you’re having a good and productive week. We are busy here at iMark Interactive making sure out clients’ sites are updated to the latest version of WordPress (release notes).
Yesterday, WordPress released a security update to version 4.3. Version 4.3.1 is a security update that handles two cross-scripting vulnerabilities and one user privilege escalation. This is a recommended update for everyone!
According to the WordPress.org blog, here are the potential issues fixed:
- WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
- A separate cross-site scripting vulnerability was found in the user list table.
- Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).
This update also takes care of 26 known bugs in version 4.3.
As noted in our other posts, if you’re site is not set to auto-update, then you need to take care of this one yourself. We handle these updates for our managed clients, but if you need assistance, you can contact us to do it for you. We will back up your site and then run any applicable updates.
If you plan on handling this update yourself, make sure to backup your site and database. You can do this with the free UpdraftPlus plugin or use a service like VaultPress. Either way, DO NOT update your site without backing it up.
If you want to turn off the auto-update functionality, check out this post.