WordPress has faced a lot security issues in past few years, the reason for that can be its large community, with over a million users accessing the WordPress platform, a lot of vulnerabilities has come up with some potential security threats. That is why new security updates are released regularly. You should update your WordPress Account on the regular bases. In the last few months WordPress has released three new Security and Maintenance Updates.
WordPress 4.2.3 Security and Maintenance Release
Released on 23 July 2015; this security update is released for the all the previous versions of the WordPress. This update addresses 3 issues.
- Cross-site scripting vulnerability, which could result into user with contributive and author role to compromise the site.
- Possibility of a user with the Subscriber permission to create a draft through Quick Draft
- Also, 20 different bugs from the previous version are fixed.
WordPress 4.2.4 Security and Maintenance Release
Released on 4 August 2015; this security update is released for all the previous versions of WordPress. This update addresses 6 issues.
- Three cross-site scripting vulnerabilities are fixed.
- A potential SQL which can compromise the security of the site
- Issue regarding potential timing side channel attack.
- Issue regarding lock down the editing of a post by an attacker
- It also fix 4 bugs from previous versions.
WordPress 4.3.1 Security and Maintenance Release
Released on 15 September 2015; it is the latest update released for all the previous versions of WordPress. This update addresses 3 issues.
- Cross-site scripting vulnerability in processing of short code tags.
- Cross-site scripting vulnerability in the user list table.
- Publication of private post and make them sticky without proper authorization.
- It also fix 26 bugs from previous versions.
For a better web experience stay update with the new update release. If you think you have some security flaws or have found a bug, you can report this to WordPress directly.