WordPress 4.6.1 Released, Patches Two Security Vulnerabilities

WordPress 4.6.1 is available and users are strongly encouraged to update immediately as it patches two security vulnerabilities. The first is a cross-site scripting vulnerability related to image filenames that was reported by Cengiz Han Sahin, a SumOfPwn researcher. The second is a path traversal vulnerability in the upgrade package uploader reported by Dominik Schilling, who led the WordPress 4.6 development cycle and is a member of the WordPress security team.

In addition to the security patches, this release fixes 15 bugs. Since 4.6.1 is a point release, most sites should update automatically. However, if you’d like to update sooner, browse to your WordPress Dashboard and select Updates and click the update now button. Users who encounter any issues with or updating to WordPress 4.6.1 are encouraged to report them in the WordPress support forums.

 

5 Comments


  1. My blog stated behaving abnormal after updating to 4.6.1.
    Sometimes it doesn’t let me to log in. what should I do? what could be the reason? any plugin compatibility or anything else?

    Report


    1. Is it only the login? If so try clearing all cookies. I know this may sound stupid but I’ve seen too many times a simple cookie issue cause major hassle. And also re-saving the permalinks structure if you manage to login. Hope this helps.

      Report


      1. Yeah thanks. cleaning the cookies solved the problem.

        Report


  2. Have a look in the site PHP log for clues.

    Report

Comments are closed.