WordPress 3.9.2 is now available as a security release for all the previous versions. It’s strongly encourage to update your WordPress sites immediately.
This release fixes a possible security issue in PHP’s XML processing, which was reported by Nir Goldshlager of Salesforce.com. This was a joint release by both WordPress Security Team and Drupal Security Team as the XML-RPC security vulnerability also affects Drupal sites.
WordPress 3.9.2 also contains following fixes:
- Fixes a possible code execution when processing widgets.
- This release prevents info disclosure via XML entity attacks in the external GetID3 library.
- Adds protections against brute attacks.
- IT also prevents cross-site scripting that could be triggered only by site admins.
You can download the WordPress 3.9.2 from this link, or head over to Dashboard > Updates and simply click “Update Now” button.
Sites with automatic background updates will be updated to 3.9.1 within next 12 hours or less. If you’re still running an older version of WordPress, such as 3.8.3 or 3.7.3, you will also be updated 3.8.4 or 3.7.4.
In addition, WordPress also release 4.0 Beta 3 to fix the same security vulnerability, which can be downloaded from this link.