Heads up to all WordPress users: version 4.1.2 was released earlier today by the dev team. This is an important update because it is a security release that addresses a critical XSS vulnerability that could allow an anonymous user to compromise a site running WordPress 4.1.1 or earlier.
Aside from that, WordPress 4.1.2 also contains fixes for three other critical security issues:
- In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
- In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
- Some plugins were vulnerable to an SQL injection vulnerability.
If you are still running a WordPress version prior to 4.1.2 and would like to upgrade, you can do it via the admin panel (Dashboard > Updates > Update Now) or by downloading it from WordPress.org and upgrading manually. To be safe, back up all important files such as wp-config.php, the wp-content folder (themes, plugins, etc.), the .htaccess file and other custom files before you proceed with the upgrade. To avoid issues or conflicts with your current setup or plugins, also deactivate all plugins first.
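The pre-upgrade check and backup described above can be scripted. The following is an added example, not part of the original post or of WordPress itself: it reads the installed version from `wp-includes/version.php`, compares it with 4.1.2, and archives the files listed above. The script name, the WordPress path and the backup directory are assumptions.

```sh
#!/bin/sh
FIXED_VERSION="4.1.2"   # from the post; all paths passed in are assumptions

# Print the version recorded in wp-includes/version.php.
wp_version() {
    sed -n "s/^[$]wp_version *= *'\([^']*\)';.*/\1/p" "$1/wp-includes/version.php"
}

# Succeed when dotted version $1 is lower than $2 (numeric, field by field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Archive wp-config.php, wp-content and (if present) .htaccess; print the archive path.
backup_site() {
    root=$(cd "$1" && pwd -P) || return 1
    dest=$(cd "$2" && pwd -P) || return 1
    # wp-config.php holds database credentials: keep the archive out of the web root.
    case "$dest/" in
        "$root"/*) echo "backup dir must be outside the web root" >&2; return 1 ;;
    esac
    set -- wp-config.php wp-content
    if [ -f "$root/.htaccess" ]; then set -- "$@" .htaccess; fi
    archive="$dest/wp-backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    # umask 077 so the archive is never readable by other local users.
    (umask 077 && tar -czf "$archive" -C "$root" "$@") || return 1
    # Confirm the archive reads back and contains wp-config.php.
    tar -tzf "$archive" | grep -qx 'wp-config.php' || return 1
    echo "$archive"
}

# Usage: sh wp-preupgrade.sh /path/to/wordpress /path/to/backup-dir
if [ "$#" -eq 2 ]; then
    v=$(wp_version "$1")
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "WordPress $v is older than $FIXED_VERSION: backing up before the upgrade"
        backup_site "$1" "$2"
    else
        echo "WordPress $v already includes the $FIXED_VERSION fixes"
    fi
fi
```

The archive covers files only; the database is not included.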
If you’re not running the latest version, WordPress 4.1.2, stop what you’re doing or make time to upgrade ASAP! As I always tell myself and everyone else, better safe than sorry!