
WordPress 3.6.1 Maintenance and Security Release


Just when we thought the day was about over, an update bar appeared in our dashboard. It turns out that WordPress 3.6.1, a maintenance and security update, has been released. In this release, the WordPress security and maintenance team fixed three security issues and 13 other bugs. We strongly recommend that you upgrade your WordPress sites right away.

The security fixes in WordPress 3.6.1 are:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, they adjusted security restrictions around file uploads to mitigate potential cross-site scripting.

Among the 13 bugs, they fixed the jQuery 404 error that was causing the text editor to become unresponsive. It was also breaking comments on sites that used Jetpack comments. We got tons of reports about that, so we're glad it is fixed.

We strongly encourage you to upgrade your WordPress sites right now. Also don’t forget to create a backup just in case.
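
If you manage several sites on one server, the script below is one way to see which installs still need this update. It is an added example, not part of the original post or of WordPress itself; it assumes the standard core layout in which `wp-includes/version.php` sets `$wp_version`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: find WordPress installs under a directory and flag any whose
# core version is older than 3.6.1 (the release that carries the fixes above).
FIXED_VERSION="3.6.1"

# Print the value assigned to $wp_version in a wp-includes/version.php file.
wp_version_of() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Succeed (exit 0) when version $1 is older than version $2.
# Components are compared numerically, so 3.10 is newer than 3.6.1.
# A suffix such as "-beta1" is ignored (assumption: treat it as the release).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = x[i] + 0; yi = y[i] + 0   # missing component counts as 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                             # equal versions are not "older"
    }'
}

# Walk a directory tree and print one status line per install found.
audit_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r file; do
        ver=$(wp_version_of "$file")
        site=${file%/wp-includes/version.php}
        if [ -z "$ver" ]; then
            printf 'UNKNOWN %s\n' "$site"
        elif version_lt "$ver" "$FIXED_VERSION"; then
            printf 'OUTDATED %s %s\n' "$ver" "$site"
        else
            printf 'OK %s %s\n' "$ver" "$site"
        fi
    done
}

# Usage: sh audit.sh /path/that/holds/your/sites
if [ $# -gt 0 ]; then
    audit_wordpress "$1"
fi
```

Any line starting with `OUTDATED` is a site that has not yet received the 3.6.1 fixes; `UNKNOWN` means the version file could not be parsed and deserves a manual look.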

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.
