The addressed security holes include a remote code execution flaw

Sep 12, 2013 14:40 GMT

WordPress 3.6.1 is available for download. The latest version addresses a total of 13 bugs and three vulnerabilities in WordPress 3.6.

As far as security is concerned, unsafe PHP unserialization that can occur in limited scenarios has been blocked to prevent remote code execution.

Secondly, users with an Author role have been blocked from being able to create posts “written by” another user with the aid of specially crafted requests.

An insufficient input validation issue that could result in redirecting or leading users to another site has also been fixed.

Tom Van Goethem, Anakorn Kyavatanakij, and Dave Cummo, a Northrop Grumman subcontractor for the US Centers for Disease Control and Prevention, have been credited with identifying the vulnerabilities.

In addition to the three issues, WordPress reveals that file uploading security restrictions have been adjusted to mitigate potential cross-site scripting (XSS) attacks.

Users are advised to update their WordPress installations as soon as possible.
