WordPress version 4.1.2 is now available to download and contains changes to address the following serious security issues:
- A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
- Files with invalid or unsafe names could be upload.
- Some plugins are vulnerable to an SQL injection attack.
- A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
- Four hardening changes, including better validation of post titles within the Dashboard.
You can read more about the update: https://core.trac.wordpress.org/log/branches/4.1?rev=32234&stop_rev=32144
You can download WordPress 4.1.2: http://wordpress.org/wordpress-4.1.2.zip