- WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files.
- WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players.
The WordPress team strongly encourages their users to update their site to version 4.5.2. For more details please check the official announcement. Bitnami users who are already running a version of Bitnami WordPress will not be affected, as their application will be automatically updated. If you are using Bitnami WordPress, you can confirm that the update has been done by checking the version from your admin panel.
We have released Bitnami WordPress 4.5.2 (and Multisite version) installers, virtual machines and cloud images that fix these issues.
Do you have questions about Bitnami WordPress or the security issue? Post to our community forum, and we will be happy to help you.