There is a critical security issue has been detected recently with WordPress and WordPress team have released a new version.
WordPress 4.1.2 is now available, so please update all your blogs immediately. All previous versions including 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.
We appreciated the responsible disclosure of these issues directly to WordPress security team. For more information, see the release notes or consult the list of changes.