WordPress 4.5.2 has just been released. This is a security release for all previous versions and you are strongly encouraged to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
You can update WordPress in Dashboard > Updates – simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.2.