WordPress 4.6.1 Security Release
WordPress versions 4.6 and earlier are affected by two security issues:
- a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin which effects WooCommerce
- a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team which affects All in One SEO Pack
In addition to the security issues above, WordPress 4.6.1 fixes 15 bugs from 4.6.