WordPress 4.6.1 upgrades security, fixes 15 bugs
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately.
The two security issues affecting WordPress 4.6 and earlier include:
- A cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin.
- A path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling.
via Help Net Security http://ift.tt/1LoKdAd
September 7, 2016 at 11:52PM