Believe it or not, there have been nearly 7,000,000 downloads of WordPress version 3.6, and now the WP team have announced the release of version 3.6.1. This is a security and maintenance release that fixes 13 little bugs from version 3.6.
WordPress 3.6.1 is also a security release for EVERY previous WordPress version, so WP and the Army strongly recommend that you update all your WordPress sites as soon as humanly possible.
This security update fixes three issues:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
- Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
Also, this update will adjust the security restrictions around file uploads to mitigate the potential for cross-site scripting.