WordPress 4.1.2 Safety And Security Launch – San Francisco

WordPress 4.1.2 Safety And Security Launch – San Francisco

WordPress 4.1.2 is currently readily available. This is a crucial protection launch for all previous variations as well as we highly urge you to upgrade your websites instantly.

WordPress variations 4.1.1 as well as earlier are impacted by a crucial cross-site scripting susceptability, which might make it possible for confidential individuals to jeopardize a website. This was reported by Cedric Van Bockhaven as well as taken care of by Gary Pendergast, Mike Adams, as well as Andrew Nacin of the WordPress protection group.

We likewise dealt with 3 various other protection concerns:

  • In WordPress 4.1 as well as greater, documents with void or risky names might be posted. Uncovered by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 as well as greater, an extremely minimal cross-site scripting susceptability might be utilized as component of a social design assault. Uncovered by Jakub Zoczek.
  • Some plugins were prone to an SQL shot susceptability. Uncovered by Ben Bidner of the WordPress protection group.

We likewise made 4 solidifying modifications, uncovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas as well as Jeff Bowen.

We valued the responsible disclosure of these concerns straight to our protection group. For more details, see the release notes or get in touch with the list of changes.

Download WordPress 4.1.2 or endeavor over to Control Panel → Updates as well as merely click “Update Currently.” Websites that sustain automated history updates are currently starting to upgrade to WordPress 4.1.2.

Many thanks to every person that added to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackbourn, as well as Mike Adams.

A variety of plugins likewise launched protection solutions the other day. Maintain every little thing upgraded to remain safe and secure. If you’re a plugin writer, please read this post to verify that your plugin is not impacted by the exact same concern. Thanks to every one of the plugin writers that functioned very closely with our protection group to make sure a collaborated action.

Currently checking WordPress 4.2? The 3rd launch prospect is currently readily available (zip) as well as it consists of these solutions. For extra on 4.2, see the RC 1 announcement post.


Cogknockers is a San Francisco WordPress Development Agency with 20+ Years Experience.  WordPress Design is at the core of our services.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

0

Scroll to Top