Version 4.1.2

On April 21, 2015, WordPress 4.1.2 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 4.1.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post:

  • A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
  • Files with invalid or unsafe names could be uploaded.
  • Some plugins are vulnerable to an SQL injection attack.
  • A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
  • Four hardening changes, including better validation of post titles within the Dashboard.

List of Files Revised

readme.html
wp-admin/includes/class-wp-comments-list-table.php
wp-admin/includes/dashboard.php
wp-admin/includes/template.php
wp-admin/js/nav-menu.js
wp-includes/capabilities.php
wp-includes/class-wp-editor.php
wp-includes/formatting.php
wp-includes/functions.php
wp-includes/js/plupload/plupload.flash.swf
wp-includes/version.php
wp-includes/wp-db.php

First published

Last updated