WordPress V4.5.2 has been released. This is a security release and we recommend that you update your installations as soon as possible.

From the release release announcement:

WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Full details can be found on the V4.5.2 release announcement.

Leave a Reply