WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Related records:
http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-1
http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-2
http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-3
Upgrade WordPress.