FreeBSD : wordpress -- multiple vulnerabilities (3686917b-164d-11e6-94fa-002590263bf5)
Medium Nessus Plugin ID 91027
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionHelen Hou-Sandi reports :
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players.
MediaElement.js and Plupload have also released updates fixing these issues.
SolutionUpdate the affected packages.