WordPress 4.1.2 is currently readily available. This is a important safety launch for all previous variations as well as we highly urge you to upgrade your websites quickly.
WordPress variations 4.1.1 as well as earlier are influenced by an important cross-site scripting susceptability, which might allow confidential customers to endanger a website. This was reported by Cedric Van Bockhaven as well as repaired by Gary Pendergast, Mike Adams, as well as Andrew Nacin of the WordPress safety group.
We additionally repaired 3 various other safety concerns:
- In WordPress 4.1 as well as greater, data with void or harmful names might be posted. Found by Michael Kapfer and Sebastian Kraemer of HSASec.
- In WordPress 3.9 as well as greater, a really restricted cross-site scripting susceptability might be utilized as component of a social design assault. Found by Jakub Zoczek.
- Some plugins were susceptible to an SQL shot susceptability. Found by Ben Bidner of the WordPress safety group.
Download WordPress 4.1.2 or endeavor over to Control Panel → Updates as well as merely click “Update Currently.” Websites that sustain automated history updates are currently starting to upgrade to WordPress 4.1.2.
Many thanks to everybody that added to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackbourn, as well as Mike Adams.
A variety of plugins additionally launched safety repairs the other day. Maintain every little thing upgraded to remain safe. If you’re a plugin writer, please read this post to validate that your plugin is not influenced by the very same problem. Thanks to every one of the plugin writers that functioned carefully with our safety group to make certain a collaborated action.