by
on
under
Permalink

WordPress 4.6.1 Security and Maintenance Release

WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin ; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.

Thank you to the reporters for practicing responsible disclosure .

In addition to the security issues above, WordPress 4.6.1 fixes 15 bugs from 4.6. For more information, see the release notes  or consult the list of changes .

Download WordPress 4.6.1  or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.6.1.

Thanks to everyone who contributed to 4.6.1:

Andrew OzzbongerBoone GorgesChaos EngineDaniel Kanchev , Dion Hulse , Drew Jaynes , Felix ArntzFredrik ForsmoGary PendergastgeminorumIan Dunn , Ionut Stanciu , Jeremy Felt , Joe McGillMarius L. J. (Clorith)Pascal BirchlerRobert D PayneSergey Biryukov , and Triet Minh .

Original Article From WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *