Wordpress has released 3.6.1, mainly a security update. This release contains an important security update to their unserialize() functions, which can allow objects/mysql injection, remote code execution, and possibly other attacks to be successful against your sites. As such, it is important to update wordpress to this latest version as soon as possible. The unserialize vulnerability is discussed in http://vagosec.org/2013/09/wordpress-php-object-injection/ for those that are interested in a good techie/geeky read. Upgrading to this version should be easy to do via wordpress's updater features. http://vagosec.org/2013/09/wordpress-php-object-injection/
Thursday, September 12, 2013