WordPress 4.1.2 Security Release
Posted by Frank J. -'- Ahosting.net Support Team on 22 April 2015 10:52 AM
An update for WordPress was just released to address various security vulnerabilities and we strongly encourgage you to update WordPress to latest version 4.1.2 as soon as possible.
WordPress versions 4.1.1 and earlier are affected by critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This has been patched in the latest version, also fixed the following security issues on this update.
1. In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
2. In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
3. Some plugins were vulnerable to an SQL injection vulnerability.
For more details, visit official Link: