WordPress 4.6.1 upgrades security, fixes 15 bugs
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately.
The two security issues affecting WordPress 4.6 and earlier include:
- A cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin.
- A path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling.
For more information on the 15 bugs from 4.6, read the release notes or check out the list of changes.