Believe it or not, there have been nearly 7,000,000 downloads of WordPress version 3.6, and now the WP team have announced the release of version 3.6.1. This is a security and maintenance release that fixes 13 little bugs from version 3.6.
This security update fixes three issues:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
- Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
Also, this update will adjust the security restrictions around file uploads to mitigate the potential for cross-site scripting.