Critical WordPress Security Release (3.9.2) Available; Update Now!
WordPress version 3.9.2 was released this week. Install this security update now, as your site may be vulnerable to denial-of-service (DoS) attacks.
According to WordPress, this release fixes a possible denial-of-service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time the two projects have coordinated joint security releases.
If your current installation supports automatic background updates, your site should have already been updated. To install the security update manually, log in to your WordPress dashboard, select Updates, and click "Update Now".
The update also prevents information disclosure via XML entity attacks in the external GetID3 library, adds protections against brute-force attacks against CSRF tokens, and contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.