WordPress is quite diligent in issuing patches, especially for security issues. This week, they issued another that upgrades WP to 4.1.2 and patches a critical issue. The patch corrects the following:
- stops anonymous users from uploading their own files
- halts a cross-site scripting vulnerability that can be used in an social engineering hack
- patches a SQL plugin vulnerability
Some of your plugins may not work after the update, but that’s always a small price to pay. You can always find another plugin.