In advance of the anticipated release of WordPress 4.2 (originally planned to be tomorrow, 4/22
WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
In the process, they are pushing three additional fixes for security issues, as well as security hardening changes. Full information is available in the WordPress 4.1.2 release notes and list of changes.
All of my personal and client websites that are powered with WordPress have been updated with this security release. In conjunction with this release, a number of plugins have been updated as well.