Two security issues were fixed in WordPress 4.6.1: WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team. External References: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Created wordpress tracking bugs for this issue: Affects: fedora-all [bug 1374480] Affects: epel-all [bug 1374481]
Fixed in: wordpress-4.6.1-1.el5 wordpress-4.6.1-1.el6 wordpress-4.6.1-1.el7 wordpress-4.6.1-1.fc23 wordpress-4.6.1-1.fc24 wordpress-4.6.1-1.fc25 wordpress-4.6.1-1.fc26
wordpress-4.6.1-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.