Two security issues were fixed in WordPress 4.6.1:
WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
Created wordpress tracking bugs for this issue:
Affects: fedora-all [bug 1374480]
Affects: epel-all [bug 1374481]
wordpress-4.6.1-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.