WordPress.org released a security update for version 3.6 on September 11, 2013. The new version fixes 13 bugs.
WordPress 3.6.1 is also a security release for all previous WordPress versions. It addresses three issues fixed by the WordPress security team:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
- Fix insufficient input validation that could result in redirecting or leading a user to another website.
The best thing you can do to keep your WordPress site secure is to keep it up to date. Always update your WordPress, plugins and theme to the latest version.
You need to update your WordPress site as soon as possible to protect it from these security “holes”. Either click on the updates button in your dashboard or download the upgraded here.
If you need any help, please contact me and I can assist you.