The WordPress core team has released WordPress 4.5.2 which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library used for media players.
Auto updates are rolling out to sites but if you don’t want to wait, browse to Dashboard > Updates and click the Update Now button. Mario Heiderich, Masato Kinugawa, and Filedescriptor of Cure53 are credited with responsibly disclosing the vulnerabilities.
In addition to the release, the core team has published a post concerning the multiple vulnerabilities discovered in ImageMagick, a popular image processing script used on thousands of webhosting servers. The post describes how WordPress is affected and what the team is doing to mitigate issues.