WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.6 and earlier are affected by two security issues:

  • a cross-site scripting vulnerability via image filename.
  • a path traversal vulnerability in the upgrade package upload.

In addition to the security issues above, WordPress 4.6.1 fixes 15 bugs from 4.6.

Download WordPress 4.6.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.6.1.