WordPress 4.3.1 was already rolled-out earlier in the month of September, wherein the security release for all previous version was taken into consideration. WordPress, already informed the community and web administrator that it is strongly encouraged to all of them who are using WordPress, to update their sites on an immediate basis.
Three major issues were addressed in the security release, which includes the vulnerabilities found in two cross-site scripting, as well as the potential privilege escalation.
A. As reported by the community member and contributor, Shahar Tal and Netanel Rubin, WordPress version 4.3 and earlier are vulnerable to a cross-site scripting vulnerability while processing shortcode tags.
B. Besides, another separate cross-site scripting vulnerability was also found in the user list table, as reported by Ben Bidner of the WordPress security team.
C. And lastly, in some cases, private posts could be published and could be made sticky by users without proper permission.
D. Additionally, WordPress 4.3.1 also addresses and fixes twenty-six bugs, which were found earlier.
Knowledge Source: WordPress.org