WordPress 4.5.2 Security Update

WordPress 4.5.2 Security Update pixelwork

WordPress 4.5.2 Security Update

WordPress 4.5.2 is now available. This is one security update for all previous versions and we strongly recommend that you update your sites immediately.

WordPress versions 4.5.1 and earlier are affected by SOME vulnerability due to Plupload, the external library that WordPress uses to upload files. WordPress versions from 4.2 to 4.5.1 are vulnerable to a reflex XSS attack if specially crafted URLs are used from MediaElement.js, the external library used for media players. MediaElement.js and Plupload have also been updated to fix these issues.

Both problems were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor since Cure53. Thanks to the team for practicing responsible reporting, and to the Plupload and MediaElement.js teams for working closely with us to coordinate and fix these bugs.

Download WordPress 4.5.2 now or go to your Desktop → Updates and simply click “Update Now” Sites that support automatic background updates are already starting to update to WordPress 4.5.2.

In addition to this, there are several widely published vulnerabilities in the ImageMagick image processing library, used by web hosts and supported by WordPress. For what concerns us about these problems, check out this entry on the kernel development blog.


Source: WordPress