WordPress security and maintenance release 4.9.2 was released yesterday.
It includes a number of fixes with the primary one to help fix a potential XSS security vulnerability in the Media Element. An issue was found in the Flash fall back files, these ar enow not generally required so have been removed from WordPress. They are available still via an updated plugin.
What is XSS?
XSS refers to Cross Site Scripting and is where code is injected into a website that allows content, often unsuitable or malicious to be delivered from another site. A website owner that has not upgraded their current core CMS software may be exposed to a third party adding content into their unprotected website.This is either shown to their visitors e.g. pornography or may lead to visitors downloading viruses to their devices.