Be prepared to be hacked if you have not updated your WordPress sites. The reason we have put this on a post is it seems that there are a number of sites on the server that’s running outdated versions of WordPress and vulnerable to this hack.
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
Download WordPress 4.5.2 or venture over to your WordPress Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates should have already updated to WordPress 4.5.2.
You will of possibly read about multiple widely publicized vulnerabilities in the ImageMagick image processing library, which is used by a number of hosts including ourselves and is supported in WordPress.
This vunarability was patched a day before it became common knowledge on our servers so the vulnerability doesn’t exist.