WPTavern: WordPress 4.9.2 Patches XSS Vulnerability
WordPress 4.9.2 has been released and patches a cross-site scripting vulnerability in the Flash fallback files in the MediaElement library. According to Ian Dunn, the Flash files are rarely needed and have been removed from WordPress.
If you need access to the Flash fallback files, they can be obtained using the MediaElement Flash Fallback plugin. Enguerran Gillier and Widiz are credited with responsibly disclosing the vulnerability.
You can view detailed information about the changes in 4.9.2 by reading the following Codex article.