If you're a WP Buffs customer, your website has already been upgraded to WordPress 4.6.1. Woohoo!
WordPress 4.6.1 has arrived! This is a security release for all previous versions, so we strongly encouraged you to update your site immediately.
WordPress versions 4.6 and earlier are affected by two security issues:
- a cross-site scripting vulnerability via image filename.
- a path traversal vulnerability in the upgrade package uploader.
In addition to the major security issues above, 4.6.1 fixes 15 bugs (see the release notes for more details).
Users who encounter any issues with or updating to WordPress 4.6.1 are encouraged to report them in the WordPress support forums.