WordPress 4.5.3 security update available now

WordPress 4.5.3 was just released. It is an important security release that includes fixes for critical vulnerabilities, along with improvements, for WordPress 4.5.2 and lower. The update is recommended for all WordPress users.


As always, Managed WordPress websites will be updated by 1&1 automatically. If you have installed WordPress yourself or use a standard installation from the 1&1 App Center, you can update to 4.5.3 from your WordPress Dashboard. 

Select Updates and click Update Now. If you prefer to update manually, you can download WordPress 4.5.3 here.

What’s new in WordPress 4.5.3?

This release contains important security updates and bug fixes, among other smaller improvements (wordpress.org):

WordPress versions 4.5.2 and earlier are affected by several security issues:

  • redirect bypass in the customizer, reported by Yassine Aboukir
  • two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati
  • revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen
  • oEmbed denial of service, reported by Jennifer Dodd from Automattic
  • unauthorized category removal from a post, reported by David Herrera from Alley Interactive
  • password change via stolen cookie, reported by Michael Adams from the WordPress security team
  • some less secure sanitize_file_name edge cases, reported by Peter Westwood of the WordPress security team

In addition to the security issues above, WordPress 4.5.3 fixes 17 bugs from 4.5, 4.5.1 and 4.5.2. For a complete list of all bug fixes and improvements, see the official WordPress 4.5.3 release notes or consult the list of changes.
