WordPress 4.1.2 Released

Note: All clients will be updated today!

Previous to this post, WordPress update notifications have been taking place only over at WPbyMe.com, my WordPress training site. From this update forward, notification will take place here as well.

WordPress 4.1.2 is considered a critical security release and it is strongly encouraged you update your sites immediately. This helps to patch a critical cross-site scripting vulnerability. which could enable anonymous users to compromise a site and affect 4.1.1 and earlier releases.

In addition, the following security fixes are covered with 4.1.2:

  • Files with invalid or unsafe names could be uploaded (4.1 and higher)
  • A very limited cross-site vulnerability which could be used as part of a social engineering attack (3.9 and higher)
  • Some plugins were vulnerable to an SQL injection vulnerability.

Full source and credits to those discovering the vulnerability are available at the official release announcement at WordPress.org

Leave a Reply

Your email address will not be published. Required fields are marked *

Currently you have JavaScript disabled. In order to post comments, please make sure JavaScript and Cookies are enabled, and reload the page. Click here for instructions on how to enable JavaScript in your browser.