WordPress 4.6.1 is currently offered. This is a protection launch for all previous variations and also we highly motivate you to upgrade your websites right away.
WordPress variations 4.6 and also earlier are impacted by 2 protection problems: a cross-site scripting susceptability through photo filename, reported by SumOfPwn scientist Cengiz Han Sahin; and also a course traversal susceptability in the upgrade plan uploader, reported by Dominik Schilling from the WordPress protection group.
Thanks to the press reporters for exercising responsible disclosure.
Download WordPress 4.6.1 or endeavor over to Control panel → Updates and also just click “Update Currently.” Websites that sustain automated history updates are currently starting to upgrade to WordPress 4.6.1.
Many thanks to every person that added to 4.6.1:
Andrew Ozz, bonger, Boone Gorges, Chaos Engine, Daniel Kanchev, Dion Hulse, Drew Jaynes, Felix Arntz, Fredrik Forsmo, Gary Pendergast, geminorum, Ian Dunn, Ionut Stanciu, Jeremy Felt, Joe McGill, Marius L. J. (Clorith), Pascal Birchler, Robert D Payne, Sergey Biryukov, and also Triet Minh