As the Internet continues to evolve, those that have content management systems are in constant need of protection. WordPress recently released the 4.3.1 Security Update for it's platform in order to offer comfort to those who value their blogs. While this update addresses three major issues related to vulnerabilities, it also fixes a variety of bugs found in the 4.3 version of thepopular CMS.
Cross-Site Scripting Vulnerability
WordPress installation versions 4.3 and earlier were found to be vulnerable to cross-site scripting, or XXS. This allows attackers to insert client-side script into web pages. The inclusion of the XXS may allow attackers to circumvent access controls and hijack websites.
Cross-Site Scripting in User Table
Essentially, the XXS in the user table can create compromised accounts giving someone access to all personal information in the database. This can be used to do everything from causing random mayhem to obtaining privileged access to the site in general.
Creating Sticky Posts
It was found that users who don't have permissions to create sticky posts were able to do so. This problem can be utilized to replace visible content on the site or to otherwise obstruct the user from reading pages. Since version 2.7, this was a feature that could be activated by a check box on the administration side. This vulnerability allows unprivileged users to activate the sticky post. These three, along with 26 other fixes, are included in the WordPress 4.3.1 update. This is just another demonstration of how the developers of WordPress have the best interests of users in mind. Blog on knowing that your site is protected from sticky things a scripting oddities.