WordPress 3.6.0 and below is vulnerable to remote code execution attacks. Details are available in CVE-2013-4338.
WordPress 3.6.1 has been released to address this security issue. This article describes how to update your WordPress installation.
If WordPress has been installed from Application Catalog...
To update a single application on a specific subscription, go to subscription > "Applications" tab > "Manage My Applications" sub-section > "WordPress" and click "Update now" link in update notification section:
To view which domains have WordPress installed, go to "Tools & Settings" > "Application Vault" > "Installed Apps" tab and click older WordPress installations (e.g. WordPress (3.2.1-6)) which have one or more installations in "Number of installations":
To install update, click on "Updates are available" link under domain name:
You can also enable automatic updates for all apps following the instructions in Parallels Plesk Panel Administrator's Guide.
If WordPress has been installed manually...
Follow the instructions provided in documentation on WordPress website.