WordPress 4.9.2 Addresses Flash Security Issue – January 17, 2018 08:30 PT

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress 4.9.2. If you haven’t already, we recommend updating to the latest version of WordPress.


If you need to continue using MediaElement, a new version that contains a fix for the bug is available in the WordPress plugin repository.


Security Risk: Medium



  1. Update immediately to WordPress 4.9.2
  2. We recommend that you enable automatic updates on WordPress sites


WordPress websites and blogs hosted by CTLT


If your WordPress website is hosted by CTLT on cms.ubc.ca, or your blog is hosted on blogs.ubc.ca, CTLT has already addressed the upgrade.


Additional information


If you have any questions, please contact security@ubc.ca