WordPress 4.5.2 is now available. This is a security release for
all previous versions and we strongly encourage you to update your
sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME
vulnerability through Plupload, the third-party library WordPress
uses for uploading files. WordPress versions 4.2 through 4.5.1 are
vulnerable to reflected XSS using specially crafted URIs through
MediaElement.js, the third-party library used for media players.
MediaElement.js and Plupload have also released updates fixing
these issues.