A popular content management system (CMS) software provider that powers about a quarter of all websites in the world has issued security patches today to fix two serious security flaws.
As of February of this year, over half of all websites and blogs with a known content management system uses this as their backend. Webmasters are encouraged to update this CMS software's packages as soon as possible to protect their domains and their site users from critical vulnerabilities.
WordPress 4.6.1 is now available and it patches two security flaws that put thousands of websites at risk.
The second flaw is a path traversal vulnerability in the upgrade package uploader discovered by Dominik Schilling of WordPress' own security team.
The WordPress 4.6.1 update should fix all these vulnerabilities including 15 previous bugs from version 4.6, which include backspace jumping, infinite loops during plugin installs, thumbnail preview bugs, and email failure on certain setups.
To get this critical patch, go to your WordPress Dashboard >> Updates >> "Update Now." WordPress sites that have automatic background updates enabled should have their upgrade process already initiated.
For the regular end user, backend vulnerabilities like these show how important it is to have real-time internet protection from compromised websites and emerging threats.
To read more about the WordPress 4.6.1 security release, please check WordPress.org.