WordPress 4.1.2 Released
WordPress released a new version. It’s a minor release but it’s still an important security release, so we suggest every WordPress website owner do this upgrade.
WordPress 4.1.2 Security Release (wordpress.org)
WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
We also fixed three other security issues:
In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.
We also made four hardening changes…
A number of plugins also released security fixes yesterday. Keep everything updated to stay secure.
Our Website Maintenance Department will be in contact with you regarding these upgrades.