WordPress have released a critical security update for all previous versions of WordPress.
WordPress have now made version 4.1.2 available.The WordPress security team discovered that versions 4.1.1 and earlier have a critical cross-site scripting vulnerability. This could enable anonymous users to compromise a site.
Along with this particular vulnerability, the WordPress team also fixed the following issues:
- In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
- In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
- Some plugins were vulnerable to an SQL injection vulnerability.
So, if you’re using a vulnerable version of WordPress, update as soon as possible.
For more information, look at the security release announcement.
Have you found this update useful? Let us know, leave a comment below.