Vor kurzem ist ein "Maintenance and Security Release" veröffentlicht worden und auf den WordPress.org Servern oder über das Admin-Backend erhältlich:

WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
    Reported by Tom Van Goethem.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
    Reported by Anakorn Kyavatanakij.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.
    Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

- WordPress Blog

Also, once again - die Updatemaschine anwerfen, ist ja mittlerweile relativ bequem zu machen. Was genau noch geändert wurde, steht hier: WP Version 3.6.1