• WordPress 4.1.2 Critical Security Release

    April 21, 2015 by Support Staff
  • WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

    WordPress versions 4.1.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

    WordPress also fixed three other security issues:

    • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
    • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
    • Some plugins were vulnerable to an SQL injection vulnerability.

    Download WordPress 4.1.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.

Powered by · ©2006 - 2019 Tierra Hosting, LLC · Legal · Privacy · Domain Policies · ICANN Registrant Rights & Responsibilities