WordPress versions 4.2.0 to 4.5.1 have been found to contain a reflected XSS vulnerability in the flashmediaelement.swf file, which poses a risk of leaking WordPress credentials and potentially leading to more severe attacks. To mitigate this threat, it is advised to upgrade to WordPress version 4.5.2 immediately, remove the vulnerable SWF file, or restrict access to specified IP addresses such as those from your office or VPN. Regular security testing of your website is also recommended to stay updated on the latest vulnerabilities and maintain security.