Ms Helen Hou-Sandi, on behalf of wordpress team, announced availability of wordpress 4.5.2, a security update for popular open source, content management system. This release fixes some serious security concerns of previous releases and it is highly recommended to upgrade to this system.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.For more information, see original release announcement in wordpress blog.
Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coördinate and fix these issues.