WP 4.3.1 also fixes a privilege escalation issue
http://i1-news.softpedia-static.com/images/fitted/340x180/wordpress-4-3-1-available-for-download-fixes-two-xss-vulnerabilities.jpg
The WordPress security team has pushed an emergency release with the aim of fixing three major security flaws, more precisely two XSS (cross-site scripting) vulnerabilities and a potential privilege escalation bug.
According to the company's changelog, the first XSS bug fixed was found by Ben Bidner, a member of the WordPress security team, and could have been exploited via the user list table. No other extra details were given on how this could have been exploited.
The other two vulnerabilities were uncovered by Shahar Tal and Netanel Rubin, both Check Point researchers, which have gone on to document their process in multiple extensive blog posts.
Full Article.