WordPress 4.1.2 released today, it's a security fix


My sites auto-updated to WordPress 4.1.2 today without issue.

Read the 4.1.2 change log below:

  • A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
  • Files with invalid or unsafe names could be uploaded.
  • Some plugins are vulnerable to an SQL injection attack.
  • A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
  • Four hardening changes, including better validation of post titles within the Dashboard.

The last 2 days I’ve had a flurry of plugin updates because of this cross-site scripting vulnerability too. sucuri.net posted on Monday about this and a list of known plugins with this vulnerability.

WordPress integrated a central update of all of a user's registered sites through https://wordpress.com/plugins; from there you can update all your plugins at the same time. I’d like to see a plugin's change log before I update it and hope to see it added to the WordPress site soon.

Last time a major vulnerability happened in a plugin, WordPress pushed the plugin update; some people were not happy that WordPress was also auto-updating plugins. How do you feel about WordPress pushing security updates for plugins to your sites? Leave a comment below.

Photo by King Brian

