WPTavern: WordPress 4.5.2 Patches Two Security Vulnerabilities

WPTavern: Laravel Releases Valet, a Minimalist Development Environment with Support for WordPress
May 6, 2016
WPTavern: VersionPress 3.0 Adds New Search Feature, Bulk Undo, and Commit Tracking per Environment
May 6, 2016
Show all

The WordPress core team has released WordPress 4.5.2 which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library used for media players.

Auto updates are rolling out to sites but if you don’t want to wait, browse to Dashboard > Updates and click the Update Now button. Mario Heiderich, Masato Kinugawa, and Filedescriptor of Cure53 are credited with responsibly disclosing the vulnerabilities.

In addition to the release, the core team has published a post concerning the multiple vulnerabilities discovered in ImageMagick, a popular image processing script used on thousands of webhosting servers. The post describes how WordPress is affected and what the team is doing to mitigate issues.

View @ Planet WP

Skip to toolbar