This week, Automattic has released a new version of WordPress i.e. 4.6.1. This version is the security update for all the previous versions; we firmly request you to update your website immediately.
Please Note: If you have disabled background updates then you should do update your site to the latest version manually right now.
These are security issues which are fixed by WordPress 4.6.1 version:
- A cross – site scripting vulnerability via image filename (reported by SumofPawn researcher – Cengiz Han Sahin).
- A path traversal vulnerability in the upgrade package uploader (reported by Dominik Schilling) from the WordPress security team.
Go to your WordPress site dashboard to your site or download the new version of WordPress from here. Sites that support the automatic background updates are already beginning to upgrade to WordPress 4.6.1.