WordPress version 4.3.1 was released today, which is a security update for all previous WordPress versions. This version of WordPress addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. (CVE-2015-5714). WordPress 4.3.1 also fixes twenty-six bugs! You can read the full announcement here.
To help keep sites using VaultPress secure, we have released a hotfix to proactively protect our users. A hotfix is essentially an immediate security fix delivered by the plugin to plug a vulnerability found elsewhere (either in WordPress core or another plugin). For those who haven’t upgraded yet, it will provide protection before you are able to. Finally, we are also e-mailing all owners of affected websites with upgrade instructions.
We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Otherwise, you can download WordPress 4.3.1 directly. Once you’re running WordPress 4.3.1, you are protected from these vulnerabilities.
As a friendly reminder, VaultPress recommends enabling automatic WordPress updates if they are disabled on your website. By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.