WordPress 4.6.1 upgrades security, fixes 15 bugs

HITBSecConf2019 - The 10the annual HITB Security Conference in The Netherlands - Trainings, Conference track and Haxpo exhibition. Register now.

WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately.

WordPress 4.6.1

The two security issues affecting WordPress 4.6 and earlier include:

  • A cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin.
  • A path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling.

For more information on the 15 bugs from 4.6, read the release notes or check out the list of changes.