The development team over at WordPress just released a security upgrade to WordPress.
This release fixes a possible denial of service issue in PHP’s XML processing, which Mashable describes as a ‘Major Security Vulnerability in WordPress, Drupal Could Take Down Websites‘.
The release also contains a few other security changes:
- Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default)
- Prevents information disclosure via XML entity attacks in the external GetID3 library
- Adds protections against brute attacks against CSRF tokens
- Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
You can read more about it here:
If you are a NurtureWP maintenance client – we’ve made sure your site has been upgraded to this release.