WordPress 4.1.2 is the latest version of WordPress to be released to the public. A critical security release for all previous versions, WordPress 4.1.2 fixes as many as four other security issues.
Earlier versions of WordPress, including version 4.1.1, were affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams and Andrew Nacin of the WordPress security team.
In version 4.1 and higher, files with invalid or unsafe names could be uploaded. This was discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as a part of a social engineering attack. It was discovered by Jakub Zoczek.
Some plugins were vulnerable to SQL injection. Four hardening changes, including better validation of post titles within the Dashboard, were discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.
To get WordPress 4.1.2, update automatically from the Dashboard by simply clicking “Update Now”. Sites that support automatic background updates are already updating to WordPress 4.1.2.