WordPress 3.9.2 has been released to address multiple vulnerabilities, including a critical security bug that could allow a denial of service. WordPress is the most popular Content Management System (CMS) used to create and maintain content on web sites and is provided free as an open source application.
According to the WordPress release announcement, “This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team.” The bug has been identified in both WordPress and another popular open source CMS, Drupal. The result of this bug is that access to the web site can be cut off completely.
The fix for this critical security bug was produced in coordination with the Drupal security team. Drupal released its own security update to fix this issue on August 7th. While Drupal is used on over a million web sites, its presence is dwarfed by the incredibly popular WordPress. According to W3techs.com, WordPress has a 61% share of the market for Content Management Systems and is used on 23% of all web sites they survey.
in PHP’s XML processing. WordPress 3.7.3 or 3.8.3 users will be updated to 3.7.4 or 3.8.4. Users operating older, unsupported versions of WordPress are encouraged to upgrade to 3.9.2.