Skip to Main Content

Critical Wordpress Security Release (3.9.2) Available; Update Now!

Posted on 8.07.2014

WordPress version 3.9.2 was released this week and it is recommended that you install the security update now as your site may be vulnerable to DOS attacks.

According to Wordpress, this release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time the two projects have coordinated joint security releases.

If your current installation supports automatic background updates, your site should have already been updated. To install the recent security update manually, log in to your Wordpress dashboard, select updates, and click "Update Now".

The update also prevents information disclosure via XML entity attacks in the external GetID3 library, adds protections against brute attacks against CSRF tokens, and ontains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.


 SUBSCRIBE FREE to Website Magazine - 12 Issues 


WebsiteMagazineMiniLogo

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  •    
      

    The Ultimate Guide to Personalization

    Kibo