Number: AV16-074
Date: 6 May 2016
Purpose
The purpose of this advisory is to bring attention to a WordPress 4.5.2 Security Release.
Assessment
WordPress versions 4.5.1 and earlier are affected by a Same-Origin Method Execution (SOME) vulnerability in Plupload, the third-party library WordPress uses to upload files.
WordPress versions 4.2 through 4.5.1 are affected by an XSS vulnerability, triggered by specially crafted URIs, in MediaElement.js, the third-party media library used by WordPress.
Suggested Action
CCIRC recommends that owners/operators test and deploy the vendor-released update or workaround to affected platforms accordingly.