WordPress 4.5.2 Patches Two Security Vulnerabilities

The WordPress core team has released WordPress 4.5.2 which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library used for media players.

Auto updates are rolling out to sites but if you don’t want to wait, browse to Dashboard > Updates and click the Update Now button. Mario Heiderich, Masato Kinugawa, and Filedescriptor of Cure53 are credited with responsibly disclosing the vulnerabilities.

In addition to the release, the core team has published a post concerning the multiple vulnerabilities discovered in ImageMagick, a popular image processing script used on thousands of webhosting servers. The post describes how WordPress is affected and what the team is doing to mitigate issues.


12 responses to “WordPress 4.5.2 Patches Two Security Vulnerabilities”

  1. My biggest hassle is trying to understand and utilize files. I have learned a lot of code and can now see the advantages of building a website by adding content via code instead of visual. But I doubt if I will ever get past understanding about files and how to store them and to retrieve them. I have went through Updraft and had to uninstall because they could not give me a clear explanation enough for me to understand. I have been looking at other backup plugins and they are all the same – supposed to be easy – but they are not as far as I am concerned.
    So these WordPress updates are haunting to me! I have worked too hard to just lose an entire website. It is a no win situation for me, so just be glad that all of you can at least understand how to backup and restore a site, because it is hopeless for me. I cannot get any help that is understandable and I cannot afford to pay for assistance, so I just give up.
    After a while WordPress just automatically updates my site, I am sure one day I will try to log in and have a blank page instead of a site. My hosting is of no help in this area either. Of all the advancement of WordPress, they sure can make some of these functions that you would think would be simple – extremely difficult!

  2. Can anybody explain how the media elements leak works and was fixed? I see only one small code change in the script in wordpress. they removed from ‘?x=’+(new date…. the x= so now its ‘?’+new date

    Was that causing the issue? It makes me wonder.

    btw WP is still using a old version of the m.e. script (2.18.x)


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: