Critical Wordpress Security Release (3.9.2) Available; Update Now!

Posted on

  • email
  • twitter
  • facebook
  • share this

share this


WordPress version 3.9.2 was released this week and it is recommended that you install the security update now as your site may be vulnerable to DOS attacks.

According to Wordpress, this release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time the two projects have coordinated joint security releases.

If your current installation supports automatic background updates, your site should have already been updated. To install the recent security update manually, log in to your Wordpress dashboard, select updates, and click "Update Now".

The update also prevents information disclosure via XML entity attacks in the external GetID3 library, adds protections against brute attacks against CSRF tokens, and ontains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.


 SUBSCRIBE FREE to Website Magazine - 12 Issues 


Login To Comment


Become a Member

Not already a part of our community? Sign up to participate in the discussion. It's free and quick.

Sign Up

Be the first to comment on this article

999 E Touhy Ave
Des Plaines, IL 60018

Toll Free: 1.800.817.1518
International: 1.773.628.2779
Fax: 1.773.272.0920
Email: info@websitemagazine.com

Facebook


Twitter