Automattic developers have just released the new WordPress 4.5.3 update. It is a security update that also fixes 17 bugs.
Let's look at some of the release notes:
WordPress version 4.5.2 and all previous versions are affected by various security issues: a redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; and revision history information disclosure, reported independently by John Blackbourn, by the WordPress security team and by Dan Moen.
Also affected: an oEmbed denial of service problem, reported by Jennifer Dodd and Automattic; unauthorized category removal from a post, reported by David Herrera of Alley Interactive; password change via stolen cookies, reported by Michael Adams of the WordPress security team; and some smaller vulnerabilities such as the sanitize_file_name case, reported by Peter Westwood of the WordPress security team.
More at the following link:
The files that were changed with the update in WordPress 4.5.3 are the following:
readme.html
wp-admin/about.php
wp-admin/nav-menus.php
wp-admin/includes/ajax-actions.php
wp-admin/includes/upgrade.php
wp-admin/includes/post.php
wp-admin/includes/class-wp-media-list-table.php
wp-admin/options.php
wp-admin/revision.php
wp-includes/load.php
wp-includes/default-filters.php
wp-includes/theme-compat/embed-content.php
wp-includes/embed.php
wp-includes/class-wp-customize-manager.php
wp-includes/js/media-views.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/tinymce/plugins/wordpress/plugin.js
wp-includes/js/tinymce/plugins/wordpress/plugin.min.js
wp-includes/js/tinymce/plugins/wplink/plugin.js
wp-includes/js/tinymce/plugins/wplink/plugin.min.js
wp-includes/js/media-views.min.js
wp-includes/js/jquery/jquery-migrate.js
wp-includes/js/jquery/jquery.js
wp-includes/js/jquery/jquery-migrate.min.js
wp-includes/class-oembed.php
wp-includes/version.php
wp-includes/customize/class-wp-customize-media-control.php
wp-includes/customize/class-wp-customize-site-icon-control.php
wp-includes/pluggable.php
wp-includes/script-loader.php
wp-includes/formatting.php
wp-includes/class-wp-customize-widgets.php
wp-includes/post-template.php