WordPress 4.1.2 Security Release – San Francisco

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
  • Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.1.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.

Thanks to everyone who contributed to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackbourn, and Mike Adams.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue. Thank you to all of the plugin authors who worked closely with our security team to ensure a coordinated response.

Already testing WordPress 4.2? The third release candidate is now available (zip) and it contains these fixes. For more on 4.2, see the RC 1 announcement post.

