WordPress 4.9.2 Security and Maintenance Release
An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.
MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.
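To confirm that no Flash fallback files remain after upgrading, including copies bundled by plugins or themes, a tree scan like the following can help. This is an added example, not code from WordPress or MediaElement; it assumes bundled copies sit under a directory whose name contains `mediaelement`, and the sample file names are constructed.

```python
import os
import tempfile

# SWF signatures: FWS = uncompressed, CWS = zlib-compressed, ZWS = LZMA-compressed
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")

def is_flash(path):
    """True if the file starts with an SWF signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(3) in SWF_MAGIC
    except OSError:
        return False

def find_mediaelement_flash(root):
    """Return sorted relative paths of Flash files under any 'mediaelement' directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = [p.lower() for p in rel_dir.split(os.sep)]
        # Assumption: MediaElement copies live in a directory named like the library.
        if not any("mediaelement" in p for p in parts):
            continue
        for name in files:
            full = os.path.join(dirpath, name)
            # Match on extension or on magic bytes, so renamed copies are caught too.
            if name.lower().endswith(".swf") or is_flash(full):
                hits.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout; file names are made up for the demonstration."""
    samples = {
        "wp-includes/js/mediaelement/example-fallback.swf": b"CWS\x0a constructed",
        "wp-includes/js/mediaelement/mediaelement.min.js": b"/* js */",
        "wp-content/plugins/demo-player/mediaelement/renamed.bin": b"FWS\x09 constructed",
        "wp-content/uploads/banner.swf": b"CWS\x0a constructed",  # outside mediaelement
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_mediaelement_flash(tmp):
            print("leftover Flash file:", hit)
```

Point `find_mediaelement_flash()` at the WordPress document root; an empty result means no Flash files were found under MediaElement directories.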
21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:
- Bundled Theme: #42820 - Twenty Seventeen - watch that language
- Customize: #42492 - Selecting menu location changes line height
- #42871 - Features box textstrings in Feature Filter area need new linebreak
- Database: #42812 - Use MySQLi when available by default
- Editor: #42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title
- External Libraries: #42439 - Update random_compat external library for PHP 7 linting failure
- Formatting: #42578 - PHP functions inside `<p>` tags creates new `<p>` tag, breaking the parent tag into two.
- Media: #42225 - Whitelist Flac Files
- #42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available
- #42480 - Consistent suppression of `getimagesize()` errors
- #42720 - Remove unnecessary MediaElement.js files
- Plugins: #43082 - Add plugins search results: the plugin details modal opens in the thickbox modal
- REST API: #42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()`
- Taxonomy: #42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy
- #42605 - category_description() does not work properly since 4.9
- #42717 - get_category_link() accepting object but not id
- TinyMCE: #42416 - Code assumes iframe mode, exception in inline mode
- Upgrade/Install: #42963 - Improve deletion of $_old_files during upgrades
- Widgets: #42603 - Widgets Warning after activating theme and on dashboard widgets page
- #42719 - Always attempt to restore widgets' previous assignment
- #42867 - HTML Widget: toggleClass() should be passed true/false as second param