WordPress and Drupal, in a joint effort, announced today that they have released a major security update for websites that use their platforms. Nir Goldshlager, part of the Salesforce.com Product Security Team, found a denial-of-service issue in PHP’s XML processing. In other words, if the vulnerability is exploited, your website goes down.
The good news is that Nir reported this to WordPress and Drupal so they could create and release patches and updates to fix the vulnerability before he shared his find with the public.
Post Status said in an article, “WordPress will be automatically upgrading all eligible websites from WordPress 3.7 to WordPress 3.9 major versions to include these fixes, as well as the WordPress 4.0 beta. The latest stable branch is now WordPress 3.9.2.” If you have automatic updates enabled for your WordPress website, you should see it already, or you can download it here. You can also view the release notes for the Drupal fix here.
For more technical information on the vulnerability, take a look at this article: Major Security Vulnerability in WordPress, Drupal Could Take Down Websites