This just in! WordPress 3.9.2 is now available as a security release for all previous versions. It is strongly advised that you update your sites immediately, as this release focuses strongly on safety and security features that may prevent potential threats.
This release fixes a possible denial of service issue in the PHP’s XML processing. A collaborative effort including Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team fixed the potential DOS problem. WordPress 3.9.2 also consists of other new security features, including:
- A possible yet unlikely code execution when processing widgets has been fixed
- Information disclosure through XML entity attacks in the external GetID3 library has been prevented
- Protects against brute attacks against CSRF tokens
- Contains some additional security hardening like preventing cross-site scripting that could only be triggered by administrators.
You can make the update to 3.9.2 immediately by navigating to Dashboard > Updates in the backend of WordPress. Sites that have automatic updates configured will be updated within 12 hours.
For more information on the recent WordPress 3.9.2 Security Release, please feel free to contact our team at Sydney Technology Solutions. You can give us a call at (02) 8212 4722 or send us an email at [email protected]. Our team is dedicated to providing you with cyber security information crucial to the safety of your company.