WordPress has released a security update to patch a security vulnerability that could cause a denial of service attack on your WordPress web site. They are strongly urging you to update your WordPress version to WordPress 3.9.2.
You can read more about it here:
IDP hosts a large number of WordPress sites. Please contact us if you need assistance upgrading your WordPress installation. It is important to keep your content management software up to date, especially when there is a security vulnerability that is patched.
How do I update WordPress? Good question! Here is a video:
WordPress 3.9.2 also contains other security changes:
- Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
- Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
- Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
- Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.