Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.
The latest iteration, WordPress 4.6.1, rolled out on Wednesday to address two security issues: a cross-site scripting vulnerability via image filename, and a path traversal vulnerability in the upgrade package uploader, according to WordPress.org. The update also patches 15 other bugs in the underlying CMS codebase.
The popularity of the site combined with its integration of a variety of third-party plugins has made it target for attackers in the past.
According to security researcher Graham Cluley, this latest update patches "bugs in the main WordPress content management system itself," which, he pointed out, could make nearly every site using the blogging platform vulnerable.
Users are urged to visit their WordPress admin panel and choose Dashboard/Updates/Update Now. Users can also choose to implement automatic security updates.