WordPress 4.1.2 is now available via Softaculous. This is a critical security release for all previous versions and it is strongly recommended to update your sites immediately.
You can refer to the following guide on how to upgrade your installations :
http://www.softaculous.com/docs/How_to_upgrade_installations
WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
Three other security issues were also fixed:
-
In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
-
In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
-
Some plugins were vulnerable to an SQL injection vulnerability.
Four hardening changes have also been made in this release.
A number of plugins also released security fixes yesterday. Keep everything updated to stay secure.
Source : http://wordpress.org/
