{"id":4290,"date":"2016-05-06T19:17:08","date_gmt":"2016-05-06T19:17:08","guid":{"rendered":"https:\/\/wordpress.org\/news\/?p=4290"},"modified":"2021-06-04T12:00:56","modified_gmt":"2021-06-04T12:00:56","slug":"wordpress-4-5-2","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2016\/05\/wordpress-4-5-2\/","title":{"rendered":"WordPress 4.5.2 Security Release"},"content":{"rendered":"
WordPress 4.5.2 is now available. This is a security release<\/strong> for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n WordPress versions 4.5.1 and earlier are affected by a SOME<\/abbr> vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.<\/p>\n Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53<\/a>. Thanks to the team for practicing responsible disclosure<\/a>, and to the Plupload and MediaElement.js teams for working closely with us to co\u00f6rdinate and fix these issues.<\/p>\n