WordPress versions 4.1.1 and earlier are affected by a critical
cross-site scripting vulnerability, which could enable anonymous
users to compromise a site.
cross-site scripting vulnerability, which could enable anonymous
users to compromise a site.
IMPACT
Vulnerability could enable anonymous users to compromise a site.
CAUSE
More information on 4.1.2 release may be found on official
WordPress website:
https://wordpress.org/news/2015/04/wordpress-4-1-2/.
SOLUTION
Update WordPress core to 4.1.2 asap. Also review: http://www.myhost.ie/blog/wordpress-security/