WordPress 4.5.2 Security Release

WordPress 4.5.2 has been released. This is a security release for all earlier versions, and it is strongly recommended that you update your sites.

Earlier versions are badly affected by a vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have both released updates fixing these issues.

Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53 were the first to detect and report this problem. The WordPress team is very thankful to the MediaElement.js and Plupload teams for coordinating with the team and working on responsible disclosure.

To download WordPress 4.5.2 or install it on desktop, go to Updates and simply click “Update Now”. If your site supports automatic background updates, it will automatically start updating to version 4.5.2.

The ImageMagick image processing library also contains multiple widely published vulnerabilities. It is used by many hosts and is also supported by WordPress. For further information, see this post on the core development blog.