WordPress 4.1.2 Safety Launch – San Francisco

WordPress 4.1.2 is currently offered. This is a crucial safety and security launch for all previous variations as well as we highly motivate you to upgrade your websites quickly.

WordPress variations 4.1.1 as well as earlier are influenced by a crucial cross-site scripting susceptability, which might make it possible for confidential individuals to endanger a website. This was reported by Cedric Van Bockhaven as well as repaired by Gary Pendergast, Mike Adams, as well as Andrew Nacin of the WordPress safety and security group.

We additionally repaired 3 various other safety and security problems:

  • In WordPress 4.1 as well as greater, data with void or risky names might be published. Found by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 as well as greater, a really restricted cross-site scripting susceptability might be made use of as component of a social design assault. Found by Jakub Zoczek.
  • Some plugins were at risk to an SQL shot susceptability. Found by Ben Bidner of the WordPress safety and security group.

We additionally made 4 setting adjustments, uncovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas as well as Jeff Bowen.

We valued the responsible disclosure of these problems straight to our safety and security group. To find out more, see the release notes or get in touch with the list of changes.

Download WordPress 4.1.2 or endeavor over to Control Panel → Updates as well as merely click “Update Currently.” Websites that sustain automated history updates are currently starting to upgrade to WordPress 4.1.2.

Many thanks to everybody that added to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackbourn, as well as Mike Adams.

A variety of plugins additionally launched safety and security solutions the other day. Maintain every little thing upgraded to remain protected. If you’re a plugin writer, please read this post to validate that your plugin is not influenced by the exact same problem. Thanks to every one of the plugin writers that functioned very closely with our safety and security group to guarantee a worked with feedback.

Currently examining WordPress 4.2? The 3rd launch prospect is currently offered (zip) as well as it has these solutions. For much more on 4.2, see the RC 1 announcement post.


Cogknockers is a San Francisco WordPress Development Agency with 20+ Years Experience.  WordPress Design is at the core of our services.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

0

Scroll to Top