WordPress versions 4.5.2 and earlier are affected by several security issues:
- redirect bypass in the customizer
- two different XSS problems via attachment names
- revision history information disclosure
and immediate update is strongly recommended.
IMPORTANT THINGS TO REMEMBER WHEN YOU UPDATE WORDPRESS SOFTWARE
Before you or your webmaster or web host updates WordPress it’s strongly recommended to ensure there’s a working offsite back up of website and databases, so you can get back and get help should things go badly.
After you, your webmaster or web host updates WordPress software, or for that matter themes or plugins for WordPress, it’s highly recommended that you do UAT (User Acceptance Testing).
DON’T FEEL COMFORTABLE DOING A WORDPRESS UPDATE YOURSELF?
Although AWEBthatWORKS no longer offers this service in house, we would be happy to refer you to an experienced WordPress professional to do this for you.
Good luck do-it-yourselfers, and for more information about this critical update, visit WordPress 4.5.3 Maintenance and Security Release.