WordPress 4.1.2 version released, fixes critical security bugs

Security 5 May , 2015  


WordPress 4.1.2 is the latest version of WordPress to be released to the public. A critical security release for all previous versions, WordPress 4.1.2 fixes as much as four other security issues.

The earlier versions of WordPress including version 4.1.1 were affected by a serious critical cross-scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams and Andrew Nacin of the WordPress security team.

In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as a part of a social engineering attack. It was discovered by Jakub Zoczek.

Some plugins were vulnerable to an SQL injection vulnerability.Four hardening changes, including better validation of post titles within the Dashboard were discovered by J.D.Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.

To download WordPress 4.1.2, the update can be updated automatically from the Dashboard and simply click “Update Now”. Sites that support automatic background updates are already updating to WordPress 4.1.2.

, ,