WordPress 4.1.2 is now available for download. This is a security release.What’s new in this release?
Fixed a critical cross-site scripting vulnerability.
Fixed files with invalid or unsafe names could be uploaded.
a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
Some plugins were vulnerable to an SQL injection vulnerability.
also four hardening changes.