WordPress Update: Version 4.5.3 Security Release
WordPress 4.5.3 is now available. This is a critical security release for all previous versions. WordPress strongly recommends that you update your sites immediately.
Regarding this latest update:
- The update patches more than two dozen vulnerabilities, including 17 bugs introduced in the last three releases, all published this year. The patch covers many of the vulnerabilities that can be exploited remotely and that allow an attacker to take full control of any website running on WordPress.
- The platform continues to focus on security; already this year WordPress has shipped sizable security updates a handful of times and, in April, turned on free encryption for custom domains hosted on WordPress.
- The latest update patches vulnerabilities affecting versions 4.5.2 and earlier.
- The update addressed a redirect bypass vulnerability in the WordPress Customizer API, a framework used by developers to preview live changes to WordPress themes.
- Two separate cross-site scripting vulnerabilities delivered via attachment names were also patched, as was an information disclosure bug in revision history and a flaw that allows for unauthorized category removal from a post.
- The update also took care of a denial-of-service vulnerability in oEmbed, a protocol used by WordPress sites to display embedded photos or video when users link third-party content.
- Two other bugs reported by the WordPress security team round out the update: a password vulnerability via stolen cookies, and less secure sanitize_file_name edge cases.
All in all, WordPress updates are just getting better: WordPress 4.5.3 fixed 17 bugs from 4.5, 4.5.1 and 4.5.2. For more information, see WordPress’s official release notes or consult their list of changes.