WordPress 4.1.2 Security Release

WordPress 4.1.2 is now available via Softaculous. This is a critical security release for all previous versions and it is strongly recommended to update your sites immediately.

You can refer to the following guide on how to upgrade your installations :
http://www.softaculous.com/docs/How_to_upgrade_installations

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

Three other security issues were also fixed:

    In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
    In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
    Some plugins were vulnerable to an SQL injection vulnerability.

Four hardening changes have also been made in this release.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure.

Source : http://wordpress.org/

Leave a Reply