This week, WordPress issued version 3.6.1—a maintenance and security release. According to WP, there have been nearly 7 million downloads of WordPress 3.6. These users should definitely upgrade to this latest version which fixes 13 bugs from that release.
While I haven’t personally experience any problems with WP 3.6, version 3.6.1 apparently addresses three main fixes by the security team. Unsafe PHP unserialization which could lead to remote code execution has been block. Users with the Author role are now prevented from creating a post labeled as written by some other user. And, insufficient input validation has been fixed—preventing a user from being lead to another site.
As always, be sure you have a backup before upgrading to this latest version.