WordPress is a most powerful blogging tool and maximum number of blogs are running in wordpress around the world. We http://www.techtolead.com also hosted our blog in wordpress blogging platform. The Blog giant has released its 3.6.1 version today which includes some security updates and bug fixes.
WordPress named it as “This is a maintenance and security update.” Update your wordpress blogs now. Well we http://www.techtolead.com has been updated to wordpress 3.6.1
Download WordPress 3.6.1 @ http://wordpress.org/download/
Size : 4.3 MB as a zip and 3.8 MB as a tar.gz file.
According to WordPress.org – this update contains 3 major security issues :
Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338.
Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339.
Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340.
Additional security hardening:
Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.
Courtesy : http://codex.wordpress.org/Version_3.6.1
Complete details of the change log is available @ http://core.trac.wordpress.org/log/branches/3.6?stop_rev=24972&rev=25345