WordPress Releases Critical Security Update

In case you missed it, WordPress just released WordPress 4.1.2.

[UPDATE: Shortly after we posted this, WordPress released a major update to 4.2. Personally, I'm a fan of not doing major updates until they've been out in the real world for a few weeks at least. However, WordPress did offer an update from 4.1.2 to 4.1.3… that one we did install. WP Tavern wrote a great post about the WordPress 4.1.3 update here.]

[UPDATE 2: On 4/27/15 (just a few days after the update above) WordPress released yet another security patch. This took those of you who have automatic updates installed from 4.1.3 to 4.1.4 and those who upgraded to 4.2 to 4.2.1. I know updates can be a pain, but in the “cat & mouse” game that is internet security, it's nice to know that WordPress adjusts so quickly to threats!]

It’s a very critical security release and one that should be installed as soon as you can!

WordPress has already noted that previous versions (versions 4.1.1 and earlier) “are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.”

According to their blog, the update addresses additional security issues including:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
  • Some plugins were vulnerable to an SQL injection vulnerability.

Need to update? Log in to your WordPress dashboard and you should see updates waiting for you! If you don’t, you can still click “Updates” and you’ll see your current WordPress version.

A number of high-profile plugins (like WordPress SEO By Yoast) have also sent out updates recently, so be sure to update those as well.

Finally, before you update anything, make sure you have a backup! (We use BackupBuddy to make backups daily so we always have a recent one handy.)

Have a question about this latest WordPress update? Just leave a comment below and please take a quick second to share this post and help spread the word. (The more people that have updated sites, the safer we’ll all be!)

– Mercer

About The Author


Chris Mercer, who typically goes by "Mercer", has a sales and marketing background that stretches over 20 years. He began his online marketing career in 2009 and has become a sought-after analytics & conversions expert, helping other top marketers to improve their own offers and sales funnels. Now decades of real-world experience are brought to you post-by-post as he delivers Seriously Simple Marketing tips that you can use to build your own business!