WordPress 4.5.2 - A Security Release

A new WordPress version – version 4.5.2 has already been available for downloading. As this is a security release, it is strongly recommended to update your sites immediately.

In this version, there are two vulnerabilities analyzed and reported. Firstly, a SOME vulnerability (Same Origin Method Execution) in Plupload which is the third-party library used for uploading files affects both WordPress version 4.5.1 and earlier version. Moreover, WordPress version 4.2 through 4.5.1 are affected by reflected XSS in MediaElement.js which is used for media players.

In addition, multiple other vulnerabilities in the ImageMagick image process library are reported. You can refer to this published post to see how these vulnerabilities affect WordPress and how they are mitigated.

Sites configured to receive automatic update should update within 24 hours. Since this is a security version, it is highly recommended to update your site as soon as possible.