WordPress 4.9.2 Addresses Flash Security Issue – January 17, 2018 08:30 PT

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress 4.9.2. If you haven’t already, we recommend updating to the latest version of WordPress.

 

To continue to use MediaElement, a new version is available in the WordPress plugin repository that contains a fix for the bug.

 

Security Risk: Medium

 

Actions:

  1. Update immediately to WordPress 4.9.2
  2. We recommend that you enable automatic updates on WordPress sites

 

WordPress websites and blogs hosted by CTLT

 

If your WordPress website is hoted by CTLT cms.ubc.ca, or your blog is hosted on blogs.ubc.ca, CTLT has addressed the upgrade already.

 

Additional information

https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/

If you have any questions, please contact security@ubc.ca