On September 15, 2015, WordPress 4.3.1 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information # Installation/Update Information

To download WordPress 4.3.1, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

• Updating WordPress

If you are new to WordPress, we recommend that you begin with the following:

• New To WordPress – Where to Start
• First Steps With WordPress or Upgrading WordPress Extended
• WordPress Lessons

Top ↑

Summary # Summary

From the announcement post, WordPress 4.3.1 fixes two cross-site scripting vulnerabilities (CVE-2015-5714, CVE-2015-5715) and a potential privilege escalation.

In addition to the security fixes, WordPress 4.3.1 contains fixes for 26 bugs from 4.3, including:

• Taxonomy: Arguments switched in wp_batch_split_terms Cron Job in Version 4.3 #33423
• TinyMCE: Plugin wplink throw js TypeError: editor.wp undefined #33393
• Customizer: Focusing a control outside of a panel when a panel is open results in a blank screen with no navigation back #33396
• Users: Feature detect best event to use on password fields #33398
• Users: Creating a new user without a password causes error message issues #33406
• Customizer: remove_panel('nav_menus') action generates errors #33411
• Customize: JS error when uploading small image as Site Icon and electing to Skip Cropping #33417
• Users: Cancelling password update on user-profile fails #33419
• Customizer: Toggling customizer controls based on another control does not work anymore in Version 4.3 #33428
• Text Changes: Fix Period Position in wp-admin/about.php #33429
• Widgets: Not displayed if no $instance data is set #33442
• Taxonomy: wp_dropdown_categories doesn’t respect show_option_all #33452
• Database: wpdb class method get_table_from_query() malfunctions if table name contains a dash (-) #33470
• Upgrade/Install: After upgrade to Version 4.3 unable to update plugins. #33480
• Users: Documented $public_only parameter not passed to the get_usernumposts filter #33481
• Upgrade/Install: Comments for Version 4.3 to be default “off” for pages but 1 remains #33490
• Comments: Bug in Comment Quick Edit in smaller screen #33596
• TinyMCE: Visual Editor freezing when multiple HTML tables are added to the post #33617
• Formatting: wpautop breaks HTML comments #33645
• Users: wp_new_user_notification breaking change. #33654
• Customizer: Shift-clicking a widget in the preview doesn’t move focus #33695
• Administration: Password label not focussing password field when clicked #33778
• TinyMCE: Update to 4.2.5 #33782
• Networks and Sites: “Attribute content to” dropdown missing when deleting a user in network admin #33811
• Users: Import global $wp_hasher in wp_new_user_notification #33826

Top ↑

List of Files Revised # List of Files Revised

readme.html
wp-admin/about.php
wp-admin/css/forms-rtl.css
wp-admin/css/forms.css
wp-admin/css/list-tables-rtl.css
wp-admin/css/list-tables.css
wp-admin/css/login-rtl.min.css
wp-admin/css/login.min.css
wp-admin/css/wp-admin-rtl.min.css
wp-admin/css/wp-admin.min.css
wp-admin/includes/class-wp-filesystem-ssh2.php
wp-admin/includes/class-wp-ms-users-list-table.php
wp-admin/includes/class-wp-users-list-table.php
wp-admin/includes/template.php
wp-admin/includes/upgrade.php
wp-admin/includes/user.php
wp-admin/includes/version.php
wp-admin/js/customize-controls.js
wp-admin/js/customize-controls.min.js
wp-admin/js/customize-nav-menus.js
wp-admin/js/customize-nav-menus.min.js
wp-admin/js/edit-comments.js
wp-admin/js/edit-comments.min.js
wp-admin/js/user-profile.js
wp-admin/js/user-profile.min.js
wp-admin/network/site-new.php
wp-admin/network/site-users.php
wp-admin/network/user-new.php
wp-admin/network/users.php
wp-includes/category-template.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/default-widgets.php
wp-includes/formatting.php
wp-includes/js/tinymce/plugins/charmap/plugin.js
wp-includes/js/tinymce/plugins/charmap/plugin.min.js
wp-includes/js/tinymce/plugins/lists/plugin.js
wp-includes/js/tinymce/plugins/media/plugin.js
wp-includes/js/tinymce/plugins/media/plugin.min.js
wp-includes/js/tinymce/plugins/paste/plugin.js
wp-includes/js/tinymce/plugins/paste/plugin.min.js
wp-includes/js/tinymce/plugins/wpeditimage/plugin.js
wp-includes/js/tinymce/plugins/wpeditimage/plugin.min.js
wp-includes/js/tinymce/plugins/wplink/plugin.js
wp-includes/js/tinymce/plugins/wplink/plugin.min.js
wp-includes/js/tinymce/plugins/wpview/plugin.js
wp-includes/js/tinymce/plugins/wpview/plugin.min.js
wp-includes/js/tinymce/skins/lightgray/content.inline.min.css
wp-includes/js/tinymce/skins/lightgray/content.min.css
wp-includes/js/tinymce/skins/lightgray/skin.ie7.min.css
wp-includes/js/tinymce/skins/lightgray/skin.min.css 
wp-includes/js/tinymce/themes/modern/theme.js
wp-includes/js/tinymce/themes/modern/theme.min.js
wp-includes/js/tinymce/tinymce.min.js 
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/wp-ajax-response.js
wp-includes/js/wp-ajax-response.min.js
wp-includes/media.php
wp-includes/pluggable.php
wp-includes/shortcodes.php
wp-includes/taxonomy.php
wp-includes/user.php
wp-includes/version.php
wp-includes/widgets.php
wp-includes/wp-db.php