WordPress Critical Security Update
WordPress issued a critical security update to version 4.1.* – the newest version is 4.1.2. This addresses unsafe and invalid file names that could previously be uploaded in version 4.1.1. And “…a very limited cross-site scripting vulnerability could be used as part of a social engineering attack” in versions 3.9 and higher.
Several plugins outside the WordPress core were updated by their respective developers as well, to address these same issues. It is recommended to update your WordPress core files and all plugins as soon as possible to decrease your web sites vulnerability to potential hacking and attacks.
For more information, see the blog post at WordPress.org
Stay safe and have fun with your blog!