WordPress has had an automated update mechanism in place since the 3.7 release in October 2013, and has released many updates for users since then, aimed at protecting users from core WordPress bug and security issues. However, users of 3.7 WordPress or later should check their WordPress install to ensure it was properly updated. If you have a older version of WordPress this is a critical security flaw that must be updated manually.
Specifically for WordPress 4.1.2, this latest update is aimed at four security vulnerabilities discovered. WordPress recently warned in a blog post "WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site."
One patch released in WordPress 4.1.2 is for a flaw that had the potential to enable a user to upload unsafe and/or invalid file names. WordPress versions 3.9 and higher are also being patched to rectify a vulnerability that was discovered that could have enabled a social engineering attack.
Although WordPress corrected its own XSS issues in the core applications, this risk extends to a number of plug-ins. "A number of plugins also released security fixes yesterday," WordPress stated. "Keep everything updated to stay secure." It is estimated that over 400 plug-ins may have been affected.
Developers have been working to ensure that updates are installed across all potential risk areas. If you or your business use WordPress like many millions across the globe, take steps to make sure you or your site developer are up to date on these developments.