WordPress 3.9.2 Released With Security Fixes

WordPress 3.9.2 Security Release

The WordPress 3.9.2 release is an important security release for all previous versions of WordPress, and all users are strongly encouraged to update their sites immediately.

This latest 3.9.2 release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of Salesforce.com. The XML-RPC security vulnerability affects both WordPress and Drupal sites, so this was a joint release by the WordPress Security Team and the Drupal Security Team.

The WordPress 3.9.2 release also contains the following fixes:

  • Fixes a possible but unlikely code execution when processing widgets, discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library.
  • Adds protections against brute force attacks.
  • Prevents cross-site scripting that could be triggered by site admins.

For most users, this update will be applied automatically, but it is best to check that the update has indeed happened. See How do I find my WordPress version number? to find out the current version of WordPress installed on your website.

You can download the WordPress 3.9.2 release from this link, or head over to your Dashboard > Updates and simply click the “Update Now” button.

More information about WordPress 3.9.2: http://wordpress.org/news/2014/08/wordpress-3-9-2/