WordPress.org

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 4.5.2

On 6 May, 2016, WordPress 4.5.2 was released to the public.

See also: other WordPress Versions.

Installation/Update Information

To download WordPress 4.5.2, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:


Summary

From the WordPress 4.5.2 release notes, WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coördinate and fix these issues.

List of Files Revised

/wp-includes/js/plupload/plupload.flash.swf
/wp-includes/js/mediaelement/flashmediaelement.swf
/wp-includes/js/mediaelement/mediaelement-and-player.min.js
/wp-includes/version.php
/wp-includes/script-loader.php
/readme.html
/wp-admin/about.php