Wordpress, the largest blogging platform in the world has patched number of critical security flaws in their latest Wordpress 4.1.2 update. The update patches a security hole that could allow attackers to easily hijack your Wordpress website.
The latest Wordpress update patches eight severe security vulnerabilities, one labeled high risk, three labeled medium-low risk and the last three are noted to be upgrades to Wordpress for additional hardening to the platform. Wordpress 4.1.2 is the first major security upgrade to the Wordpress core since Wordpress 4.0.1, which was released in late 2014.
“WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site,” Gary Pendergast, Wordpress blog manager wrote in the security release.
Lodged in Wordpress 4.1.2 are three additional security upgrades to the Wordpress platform, including:
- In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
- In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
- Some plugins were vulnerable to an SQL injection vulnerability.
For Wordpress blog owners, two update panels may be appearing in some admin panels, the Wordpress team is aware of the ongoing issue. To auto-update your Wordpress blog, click the colored Update Now button, and for a manual upgrade, follow the linked details below the colored button.
Wordpress 4.1.2 is not affiliated with the recent swath of cross-site scripting vulnerabilities discovered in dozens of Wordpress plugins.
Good news for Wordpress website owners, the Wordpress 4.1.2 update only patches the specified security vulnerabilities alongside minor bugs. The Wordpress update should not impact or alter any custom code in your plugins or theme, meaning, the latest update should cause little to no conflict with any third-party plugins.
If you own or manage a Wordpress blog, be sure to update your Wordpress version to the latest 4.1.2 as soon as possible. Auto-update prompts are still being pushed out to some Wordpress users, meaning if you don’t want to wait, you can install the upgrade manually. You can also navigate to Dashboard > Updates to check if you are running the latest Wordpress version.
The Wordpress 4.1.2 update patches over eight severe security flaws, it is highly recommended all Wordpress owners update their blog immediately!