diff --git a/readme.txt b/readme.txt
index 0e56ced1d0648fa753400a80e242e88b60976900..0e003ccd4238633ff0ec1451830639d207218b08 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: ethitter, stevenkword, thinkoomph
 Donate link: http://www.thinkoomph.com/plugins-modules/wp-print-friendly/
 Tags: print, template, printer, printable
 Requires at least: 3.1
-Tested up to: 4.1
-Stable tag: 0.6
+Tested up to: 4.2
+Stable tag: 0.6.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -59,6 +59,9 @@ This plugin is known to conflict with certain plugins, many pertaining to SEO an
 
 == Changelog ==
 
+= 0.6.1 =
+* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
+
 = 0.6 =
 * Revert security hotfixes made in 0.5.3 and address the vulnerabilities in the WordPress way.
 * If current user can't read a private post, don't display the print template, allowing the standard theme to handle requests.
@@ -148,6 +151,9 @@ This plugin is known to conflict with certain plugins, many pertaining to SEO an
 
 == Upgrade Notice ==
 
+= 0.6.1 =
+Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
+
 = 0.6 =
 Recommended for all users as this release addresses security vulnerabilities related to privately-published and password-protected posts.
 
diff --git a/wp-print-friendly.php b/wp-print-friendly.php
index 1dc7951ad1a49aea5217cd6d7a5f95915d55ad30..e700bd5e36d12726e4cb4065b2bf617db09bb16d 100644
--- a/wp-print-friendly.php
+++ b/wp-print-friendly.php
@@ -1,11 +1,11 @@
 <?php
 /*
 Plugin Name: WP Print Friendly
-Plugin URI: http://www.thinkoomph.com/plugins-modules/wp-print-friendly/
+Plugin URI: http://oomphinc.com/plugins-modules/wp-print-friendly/
 Description: Extends WordPress' template system to support printer-friendly templates. Works with permalink structures to support nice URLs.
 Author: Erick Hitter, Steven K Word, and Oomph, Inc.
-Version: 0.6
-Author URI: http://www.thinkoomph.com/
+Version: 0.6.1
+Author URI: http://oomphinc.com/
 Text Domain: wp_print_friendly
 
 This program is free software; you can redistribute it and/or modify
@@ -879,9 +879,9 @@ class wp_print_friendly {
 		<div id="wpf-rewrite-flush-warning" class="error fade">
 			<p><strong><?php _e( 'WP Print Friendly', 'wp_print_friendly' ); ?></strong></p>
 
-			<p><?php printf( __( 'You must refresh your site\'s permalinks before WP Print Friendly is fully activated. To do so, go to <a href="%s">Permalinks</a> and click the <strong><em>Save Changes</em></strong> button at the bottom of the screen.', 'wp_print_friendly' ), admin_url( 'options-permalink.php' ) ); ?></p>
+			<p><?php printf( __( 'You must refresh your site\'s permalinks before WP Print Friendly is fully activated. To do so, go to <a href="%s">Permalinks</a> and click the <strong><em>Save Changes</em></strong> button at the bottom of the screen.', 'wp_print_friendly' ), esc_url( admin_url( 'options-permalink.php' ) ) ); ?></p>
 
-			<p><?php printf( __( 'When finished, click <a href="%s">here</a> to hide this message.', 'wp_print_friendly' ), admin_url( add_query_arg( $this->notice_key, 1, 'index.php' ) ) ); ?></p>
+			<p><?php printf( __( 'When finished, click <a href="%s">here</a> to hide this message.', 'wp_print_friendly' ), esc_url( admin_url( add_query_arg( $this->notice_key, 1, 'index.php' ) ) ) ); ?></p>
 		</div>
 
 		<?php
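Review bot: Both URLs escaped in this hunk are already built from fixed strings (`'options-permalink.php'` and the explicit third argument `'index.php'`), so the added `esc_url()` is correct output escaping but does not itself touch the pattern the linked advisory describes, where `add_query_arg()` is called without a URL and falls back to the current request URI. Any such call elsewhere in `wp-print-friendly.php` is outside this hunk and should be checked and wrapped the same way, e.g. `esc_url( add_query_arg( $key, $value ) )`. Separately, the "hide this message" link changes state through a plain GET parameter (`$this->notice_key`). If the handler, which is not visible here, does not verify a nonce, consider building the link with `wp_nonce_url()` and validating it with `check_admin_referer()`. The enclosing method starts and ends outside the hunk.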