An updated version of WordPress is available as a solution to the hyped vulnerability in WordPress plugins. WordPress 4.1.2 has been released to all users to negate and minimize the cross-site scripting (XSS) vulnerability, which affected a large number of users and led to insecure ways of using plugins. The error possibly arises from a lack of escaping around two functions, one for adding and one for removing, that are very often used in WordPress code. The update promises to improve the security of plugins. Gary Pendergast, Mike Adams, and Andrew Nacin worked on the security issues.

This update provides other fixes too. WordPress 4.1.2 prevents the uploading of files with invalid or insecure names. For WordPress 3.9 and later versions, a social engineering attack that relied on a limited XSS vulnerability can now be prevented. The SQL injection vulnerability that affected multiple plugins is no longer a problem. WordPress has recommended that all plugin developers keep their plugins updated, as that is the only way to stay free from plugin threats and security aberrations.
Read the article here: https://wordpress.org/news/2015/04/wordpress-4-1-2/