The open-source WordPress blogging and content management system application is getting an update this week to version 4.3.1, which provides security fixes for cross-site scripting (XSS) flaws. The XSS flaws WordPress fixed in 4.3.1 follow a pair of other related vulnerabilities that security vendor Check Point Software Technologies reported to WordPress that have already been fixed.
In a video interview with eWEEK, Shahar Tal, vulnerability research manager at Check Point, details the flaws in WordPress that his team reported and why they weren’t all easily fixed at the same time.