WordPress released a security and maintenance update today, version number 4.6.1. It deals with an XSS vulnerability and a path traversal vulnerability, as well as 15 bugs discovered since 4.6. Since this contains a security fix, you should update your WordPress sites immediately.
If you’re like me and just updated WordPress plugins for ~90ish sites yesterday, you’re probably facepalming right about now. But remember that WordPress’ rapid response to security issues is a really, really good thing. And updating now is a whole lot easier than dealing with a breach somewhere down the road.
You can find full details (and a download link) on the WordPress Blog.