A new update of WordPress that fixes three vulnerabilities have been released. It is strongly advised to update WordPress to this version as soon as possible.
WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
- Fix insufficient input validation that could result in redirecting or leading a user to another website.
More information at WordPress: http://wordpress.org/news/2013/09/wordpress-3-6-1/