WordPress 3.6.1 [1] has been release. This is a maintenance and security release, so please upgrade as soon as you get the chance.
This .1 release fixes 13 bugs [2] and the below security issues:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem [3].
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij [4].
- Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention [5].
- Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.
Download: WordPress 3.6.1 [6]