WordPress Security Update

by ThemeAlert
12 September 2013

3.6.1. Security Release Update

WordPress have announced a security release for core WordPress files, sealing up potential points of access for hackers. The maintenance update fixes 13 bugs; below there is more detail on the fixes from the WordPress news blog.

The latest version is Version 3.6.1 – if you haven’t already, update now.

  • Block unsafe PHP unserialisation that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Alternatively, download here.