WordPress 3.6.1 is here – get it while it’s hot


WordPress 3.6.1 is also a security release for all previous WordPress versions and you are encouraged to update your sites immediately. It addresses three issues fixed by the WordPress security team:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. .
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. .
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, new security restrictions around file uploads have been added to mitigate the potential for cross-site scripting.