While we all waited for WordPress 4.2 should be released, a critical cross-site scripting vulnerability was discovered. A security release was released for WordPress today. WordPress is now updated to version 4.1.2 announced Gary Pendergast on the WordPress blog. On the WordPress blog you can read: This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress 4.1.1 and earlier versions are affected by a critical cross-site scripting vulnerability. Which, at worst, would enable anonymous users to compromise a site. It is highly recommended you update your website to the latest version. The discovery was made and reported from the WordPress security team by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin. You can update to WordPress 4.1.2 by logging in to your Dashboard in WordPress – Updates and simply click the “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2. Alternatively you can download the latest version from the WordPress website. More security issues that have been fixed: In WordPress 4.1 and higher, files with
Share This