WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
You can read the full article here.
So far, there is no evidence that suggests the vulnerability is being actively exploited.
Here is a list of the plugins that have been identified so far:
- WordPress SEO
- Google Analytics
- All in One SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- WP e-Commerce
- Download Monitor
- P3 Profiler
- iThemes Exchange
- Ninja Forms
- Aesop Story Engine
- My Calendar
If your website uses WordPress 3.7 or above, then it should be receiving automatic WordPress security updates. It is always best to keep your WordPress website up to date with the latest updates. Version 4.2 is scheduled for release later this month.
If you need help implementing this security update, then please get in touch. We would recommend updating your test system first to ensure the plugin updates do not impact your site's functionality.