WordPress 4.6.1 is currently readily available. This is a safety and security launch for all previous variations as well as we highly urge you to upgrade your websites promptly.
WordPress variations 4.6 as well as earlier are impacted by 2 safety and security problems: a cross-site scripting susceptability by means of picture filename, reported by SumOfPwn scientist Cengiz Han Sahin; as well as a course traversal susceptability in the upgrade plan uploader, reported by Dominik Schilling from the WordPress safety and security group.
Thanks to the press reporters for exercising responsible disclosure.
Download WordPress 4.6.1 or endeavor over to Control panel → Updates as well as merely click “Update Currently.” Websites that sustain automated history updates are currently starting to upgrade to WordPress 4.6.1.
Many thanks to every person that added to 4.6.1:
Andrew Ozz, bonger, Boone Gorges, Chaos Engine, Daniel Kanchev, Dion Hulse, Drew Jaynes, Felix Arntz, Fredrik Forsmo, Gary Pendergast, geminorum, Ian Dunn, Ionut Stanciu, Jeremy Felt, Joe McGill, Marius L. J. (Clorith), Pascal Birchler, Robert D Payne, Sergey Biryukov, as well as Triet Minh