If you’re a WP Buffs customer, your website has already been upgraded to WordPress 4.6.1. Woohoo!
Tierney / stock.adobe.com
WordPress 4.6.1 has arrived! This is a security release for all previous versions, so we strongly encourage you to update your site immediately.
WordPress versions 4.6 and earlier are affected by two security issues:
- a cross-site scripting vulnerability via image filename.
- a path traversal vulnerability in the upgrade package uploader.
In addition to the major security issues above, 4.6.1 fixes 15 bugs (see the release notes for more details).
Users who encounter any issues with the update to WordPress 4.6.1 are encouraged to report them in the WordPress support forums.