"Security issues addressed in the update include a server-side request forgery problem that allowed the exposure of information through pingbacks," The H Security reports. "According to the developers, this vulnerability could help attackers compromise an unpatched WordPress site. Cross-site scripting vulnerabilities were fixed in the external Plupload library and in the shortcode and post content handling."
"Webmasters can update their sites from within the admin dashboard if the site has been properly configured to be updated this way," writes Ghacks Technology News' Martin Brinkmann. "If this is not the case or desired, it is alternatively possible to download the latest version from the official WordPress website to install it manually on the server."