WordPress 4.6.1 Security Release for WordPress
WordPress 4.6.1 is now available. This is a security release for all previous versions and sites should apply this update immediately.
Who is affected?
All WordPress versions 4.6 and earlier are affected by two security issues.
- a cross-site scripting vulnerability via image filename
- a path traversal vulnerability in the upgrade package uploader
For users that have a Managed WordPress Website with M R K, those sites are already beginning to update to WordPress 4.6.1.