Automattic has just released the new version of WordPress 4.6.1. It's an update security, as previous versions from WordPress 4.6 onwards are affected by two security vulnerabilities:
A cross-site scripting (XSS) through someone's file image, reported by SumOfPwn researcher Cengiz Han Sahin
and a path traversal to the package uploader upgradeς, που ανέφερε ο Dominik Schilling από την team WordPress Security.
WordPress 4.6.1 also fixes 15 4.6 bugs of the XNUMX version that you can see in the following link:
Changed files:
wp-admin/about.php wp-admin/js/editor-expand.js wp-admin/js/editor-expand.min.js wp-admin/includes/media.php wp-admin/includes/class-file- upload-upgrader.php wp-admin/includes/class-language-pack-upgrader.php wp-includes/wp-db.php wp-includes/pluggable.php wp-includes/script-loader.php wp-includes/general-template.php wp-includes/css/editor.css wp-includes/css/editor.min.css wp-includes/css/editor-rtl.css wp-includes/css/editor-rtl.min.css wp-includes/functions.php wp-includes/class-wp-editor.php wp-includes/taxonomy.php wp-includes/load.php wp-includes/version.php wp-includes/class-http.php wp-includes/js/tinymce/skins/wordpress/wp-content.css wp-includes/js/jquery/jquery.masonry.min.js wp-includes/Requests/Transport/cURL.php wp-includes/revision.php wp-content/plugins readme.html