WordPress 4.5.2 Security Release

Posted by Andrei on May 17, 2016 in WordPress

WordPress has released its latest version 4.5.2 as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This version patches two security vulnerabilities in WordPress versions 4.5.1 and below.

  • The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files.
  • The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Mario Heiderich, Masato Kinugawa and Filedescriptor of Cure53 are credited with responsibly disclosing the vulnerabilities.

Auto updates are rolling out to sites but if you don’t want to wait, browse to Dashboard > Updates and click the Update Now button.

Moreover, the core team has published a post concerning the multiple vulnerabilities discovered in ImageMagick, a popular image processing script used on thousands of webhosting servers. The post describes how WordPress is affected and what the team is doing to mitigate issues.

Tags :  ,  ,