Summary of WordPress 4.6.1 Security and Maintenance Release:-Two vulnerabilities in WordPress versions prior to version 4.6.1 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or a directory traversal attack on a targeted system.
The vulnerabilities are due to improper processing of user-supplied input by the affected application. An unauthenticated, remote attacker could exploit these vulnerabilities by persuading a user to visit a URL that is designed to submit malicious input to the affected application or cause the user’s browser to redirect to an arbitrary website. A successful exploit could allow the attacker to conduct an XSS attack or gain access to arbitrary files on a targeted system.
Administrators are advised to apply the appropriate updates.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
For additional information about XSS attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectors.
Administrators are advised to monitor affected systems.
Read the full article here:
WordPress 4.6.1 Security and Maintenance Release