WordPress 4.5.2 – a security release – is just released tonight. WordPress 4.5.2 fixes a vulnerability through Plupload, the third-party library WordPress uses for uploading files.
WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
As said, WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
Original WordPress.org post:
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link: https://paypal.me/jreilink.
A cheat-sheet for password crackers
Windows privilege escalation guide
Help Net Security reviewed Acunetix 11
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
Penetration Testers’ Guide to Windows 10 Privacy & Security
Joomla (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit
Samsung’s smart camera. A tale of IoT & network security
“How we broke PHP, hacked Pornhub and earned $20,000”