WordPress has just released a security update for the current stable branch of WordPress. This security update fixes a number of vulnerabilities including a critical cross-site scripting (XSS) issue, an upload restriction bypass, a SQL sanitization bypass, and a Same Origin Method Execution attack. There has also been some additional hardening to core components. A complete list of fixes is available in the following blog post on WordPress.org.

Fortunately, as a WP Engine customer, you don’t have to take any action at this time. Our technical team is already hard at work auto-updating all sites hosted with WP Engine to WordPress 4.1.2.

Please keep in mind that this security update only fixes specific security vulnerabilities and minor bugs. It should not impact any custom code in your plugins or themes.

As always, thank you for choosing WP Engine!


Jason CosperJason Cosper works as the Developer Advocate for WP Engine. He loves going full OCD over interesting problems and learning new things. In his spare time, Cosper enjoys hanging out with his wife and two very tiny dogs, grilling meats, sampling assorted whiskeys, writing cranky tweets about the Lakers and brewing coffee.