WordPress 3.6.1 Security Patch Released

WordPress 3.6.1 is now available for download or update within your WordPress dashboard.

This version is a maintenance and security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress Hosting

The WordPress security team resolved three security issues and they also adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

The security fixes included:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

For more information on the changes, see the release notes or consult the list of changes.