Title: Version 4.3.4
Author: Subrata Sarkar
Published: February 22, 2019

---

# Version 4.3.4

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-3-4/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-4-3-4/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-3-4/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-4-3-4/?output_format=md#wp--skip-link--target)

On 6 May, 2016, WordPress 4.3.4 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-3-4/?output_format=md#installation-update-information)󠁿

To download WordPress 4.3.4, update automatically from the Dashboard > Updates menu
in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 *  [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 *  [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/?output_format=md)
 *  [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/?output_format=md)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 *  [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/?output_format=md)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-4-3-4/?output_format=md#summary)󠁿

From the [WordPress 4.5.2 release notes](https://wordpress.org/news/2016/05/wordpress-4-5-2/),
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through
Plupload, the third-party library WordPress uses for uploading files. WordPress 
versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted
URIs through MediaElement.js, the third-party library used for media players. MediaElement.
js and Plupload have also released updates fixing these issues.

Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and 
Filedescriptor from [Cure53](https://cure53.de/). Thanks to the team for practicing
[responsible disclosure](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/),
and to the Plupload and MediaElement.js teams for working closely with us to coördinate
and fix these issues.

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-3-4/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    /wp-admin/network/settings.php
    /wp-admin/user-edit.php
    /wp-admin/about.php
    /wp-includes/taxonomy.php
    /wp-includes/js/plupload/plupload.flash.swf
    /wp-includes/js/mediaelement/mediaelement-and-player.min.js
    /wp-includes/js/mediaelement/flashmediaelement.swf
    /wp-includes/http.php
    /wp-includes/version.php
    /wp-includes/class-snoopy.php
    /wp-includes/script-loader.php
    /readme.html
    ```

First published

February 22, 2019

Last updated