WordPress 4.9.2 was released on January 16, 2018. The update patches an XSS vulnerability and 22 other bugs.

As WordPress.org states:

This is a security and maintenance release for all versions since WordPress 3.7.

Whenever a new WordPress update is released, Win At Web will evaluate the update.

Then we will fully test it and make sure that it will not break your site before we roll it out to your site.

We take pride in providing top-notch server support.

Your website's security and uptime are of utmost importance to us because we care about your success.

What is in the WordPress 4.9.2 update?

The update mainly focuses on the security vulnerability, but it also includes 21 bug fixes.

That makes the WordPress 4.9.2 update extremely important.

Ian Dunn from WordPress stated:

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress.

Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

If you are using Flash on your site, please stop. Even Adobe says to stop using Flash.

Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.

22 Bug Fixes

Bug Fixes and Patches

In addition to the security issue above, WordPress 4.9.2 contains 22 bug fixes.

Bundled Theme

  • #42820 – Twenty Seventeen -watch that language

Customize

  • #42492 – Selecting menu location changes line height
  • #42871 – Features box textstrings in Feature Filter area need new linebreak

Database

  • #42812 – Use MySQLi when available by default

Editor

  • #42664 – Editor link autocomplete suggestions: no fallback title displayed for posts with no title
  • #43012 – Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

External Libraries

  • #42439 – Update random_compat external library for PHP 7 linting failure

Formatting

  • #42578 – PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

Media

  • #42225 – Whitelist Flac Files
  • #42447 – Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn’t available
  • #42480 – Consistent suppression of `getimagesize()` errors
  • #42720 – Remove unnecessary MediaElement.js files

Plugins

  • #43082 – Add plugins search results: the plugin details modal opens in the thickbox modal

REST API

  • #42828 – Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

Taxonomy

  • #42771 – WP_Term::get_instance() regression for non-category terms queried with ‘category’ taxonomy
  • #42605 – category_description() does not work properly since 4.9
  • #42717 – get_category_link() accepting object but not id

TinyMCE

  • #42416 – Code assumes iframe mode, exception in inline mode

Upgrade/Install

  • #42963 – Improve deletion of $_old_files during upgrades

Widgets

  • #42603 – Widgets Warning after activating theme and on dashboard widgets page
  • #42719 – Always attempt to restore widgets’ previous assignment
  • #42867 – HTML Widget: toggleClass() should be passed true/false as second param

Conclusion

If you are having any issues with the WordPress 4.9.2 update, please contact us immediately and we will resolve the problem.