Today, the WordPress team released an important security notice affecting all previous versions of WordPress and encouraging users to update their sites immediately.
Being proactive in the protection of your site is of one of the most important aspects of having a solid security posture. Therefore, we feel it’s important that everyone update as soon as possible.
This release includes three vulnerabilities:
WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags.
Cross-site Scripting Vulnerability was found in the user list table.
Users without proper permissions could publish private posts and make them sticky.
More details on this security release can be found here:
WordPress 4.3.1 Security and Maintenance Release