WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a some
vulnerability through Plupload, the third-party library WordPress uses
for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable
to reflected XSS using specially crafted URIs through MediaElement.js,
the third-party library used for media players. MediaElement.js and
Plupload have also released updates fixing these issues.
Download WordPress 4.5.2
or venture over to Dashboard → Updates and simply click “Update Now.”
Sites that support automatic background updates are already beginning to
update to WordPress 4.5.2.
Additionally, there are multiple widely publicized vulnerabilities in
the ImageMagick image processing library, which is used by a number of
hosts and is supported in WordPress.
No comments:
Post a Comment