An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress 4.9.2. If you haven’t already, we recommend updating to the latest version of WordPress.
If you need to continue using MediaElement, a new version that contains a fix for the bug is available in the WordPress plugin repository.
Security Risk: Medium
Actions:
- Update immediately to WordPress 4.9.2
- We recommend that you enable automatic updates on WordPress sites
WordPress websites and blogs hosted by CTLT
If your WordPress website is hosted by CTLT on cms.ubc.ca, or your blog is hosted on blogs.ubc.ca, CTLT has already addressed the upgrade.
Additional information
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
If you have any questions, please contact security@ubc.ca