Yesterday, January 16th 2018, the WordPress team released version 4.9.2, a minor update which corrects an important security issue.
An XSS vulnerability has been discovered in MediaElement’s Flash fallback files, a library that is included in WordPress. In most of the cases, these Flash-related files aren’t necessary anymore and have therefore been removed from WordPress.
The audio/video player
The team also used this opportunity to correct 21 bugs that had previously been reported. For the complet list of modifications, you can view the 4.9.2 version documentation.
If your WP site is configured correctly, the update should happen by itself. Keeping WordPress updates is a good way to ensure that it will not experience problems.
Should I perform the update ?
The answer is : yes! If you’re wondering why, read our article on why we must perform all updates (French only : faire les mises à jour de WordPress).
If your site was not automatically updated, it is highly recommended to perform the update immediately. If you need assistance, contact us. All of our clients currently on a WordPress maintenance plan can count on us to ensure that all updates are always applied as needed.