WordPress, the most popular blogging and website CMS in the world has recently received a new update to fix some of the bugs and security issues that were found in the previous 3.6 release.
WordPress 3.6.1 Improvements and Changelog
Following are the improvements in the WordPress 3.6.1 release as noted by the WordPress news blog.
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
- Fix insufficient input validation that could result in redirecting or leading a user to another website.
Some further details can be traced from the WordPress download release pages. Find it below
- Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution.
- Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website.
- Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
Updating to WordPress 3.6.1
The update will be available to all the existing WordPress users trough the Update System in the WordPress installs. If it doesn’t inform you about the update, Open your dashboard and Click on Updates. Do a manual check for updates here.
For new users, you can download WordPress 3.6.1 from the WordPress downloads page.