On 6 May, 2016, WordPress 4.5.2 was released which contains two important security-fixes.
The update fixed a vulnerability through Plupload, the third-party library WordPress uses for uploading files. Also an XSS vulnerability was fixed, which could be exploited by using specially crafted URIs through MediaElement.js, the third-party library used for media players.
The official update-informations can be found here.
Don’t forget to keep your WordPress installation up to date and backup before you press the button.
