7 Aug, 2014

WordPress users are strongly encouraged to update to 3.9.2, which has been released with several security fixes. This update fixes a denial of service issue in PHP’s XML processing.

This bug was reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Andrew Nacin and Michael Adams of the WordPress security team, in coordination with David Rothstein of the Drupal security team. This is the first time the two projects have coordinated to release a security update together.

The other security changes in WordPress 3.9.2 are as follows:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure through XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONsec.
  • Adds protection against brute-force attacks against CSRF tokens, reported by David Tomaschik of Google Security Group.
  • Contains additional security hardening, such as preventing cross-site scripting that could be triggered only by administrators.

List of Files Revised


readme.html
wp-admin/about.php
wp-includes/ID3/getid3.lib.php
wp-includes/class-IXR.php
wp-includes/class-wp-customize-widgets.php
wp-includes/compat.php
wp-includes/pluggable.php
wp-includes/version.php
wp-login.php

You can update to WordPress 3.9.2 by going to Dashboard > Updates in the WordPress admin area. Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. If you are still using WordPress 3.7.3 or 3.8.3, your site will also be updated, to 3.7.4 or 3.8.4. Older versions of WordPress are not supported, so you need to update them manually.
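To audit which installs still need this release, the check below reads `$wp_version` from the text of wp-includes/version.php (one of the revised files) and maps it to the fixed release for its branch as given in this post. It is an added example, not WordPress code; the function names and the sample file text are constructed, and branches newer than 3.9 are reported as not covered because the post says nothing about them.

```python
import re

# Fixed releases named in the post, keyed by (major, minor) branch.
FIXED = {(3, 7): (3, 7, 4), (3, 8): (3, 8, 4), (3, 9): (3, 9, 2)}

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '3.9.1';
_ASSIGN = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

# Constructed sample of a version.php file (not copied from a real install).
SAMPLE_VERSION_PHP = """<?php
/* constructed sample for this example */
$wp_version = '3.8.3';
"""

def read_wp_version(version_php_text):
    """Extract the $wp_version string from the text of version.php."""
    m = _ASSIGN.search(version_php_text)
    if not m:
        raise ValueError("no $wp_version assignment found")
    return m.group(1)

def parse(version):
    """'3.9' -> (3, 9, 0). Non-release strings (suffixes etc.) are rejected."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError("not a plain release version: %r" % version)
    return tuple(int(n or 0) for n in m.groups())

def classify(version):
    """Return (status, fixed_release_or_None) for one installed version."""
    v = parse(version)
    branch = v[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        if v >= fixed:
            return ("patched", None)
        return ("update", ".".join(str(n) for n in fixed))
    if branch < (3, 7):
        # Older branches get no fixed release; the post says update manually.
        return ("unsupported", None)
    return ("not-covered", None)  # newer than 3.9: outside this post

if __name__ == "__main__":
    installed = read_wp_version(SAMPLE_VERSION_PHP)
    print(installed, classify(installed))
```
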

If you would like WordPress maintenance and support for your website or blog, please get in touch with our team of WordPress experts.
