Multiple vulnerabilities were found in versions prior to 4.3.1.

1. Cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714)
2. Cross-site scripting vulnerability in the user list table
3. Vulnerability allowing users without proper permissions to publish private posts and make them sticky (CVE-2015-5715)

Upstream patches:

1. https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8
2. https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
3. https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab

External reference:

https://wordpress.org/news/2015/09/wordpress-4-3-1/

Created wordpress tracking bugs for this issue:

Affects: fedora-all [bug 1263658]
Affects: epel-all [bug 1263659]

wordpress-4.3.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-4.3.1-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-4.3.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-4.3.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-4.3.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-4.3.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

(In reply to Adam Mariš from comment #0)
> Multiple vulnerabilities were found in versions prior to 4.3.1.
> ...
> 2. Cross-site scripting vulnerability in the user list table

This was additionally assigned CVE-2015-7989:

http://seclists.org/oss-sec/2015/q4/178