ほい、アップデートと！クロスサイトスクリプティングの脆弱性がMediaElementで存在らしい

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress. MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

WordPress 4.9.2 Security and Maintenance Release