Megrisoft

WordPress 3.9.2 Released with Fixes for Security Vulnerabilities

If you use XML with WordPress in any way, this is an important update: it fixes a possible denial of service issue in PHP’s XML processing.

The vulnerability uses an XML Quadratic Blowup Attack, which allows a very small XML document to totally disrupt the services on a machine in a matter of seconds. When executed, it can take down an entire website or server almost instantly.

It affects WordPress versions 3.5 to 3.9 (the current version) and works on the default installation. The vulnerability can cause 100% CPU and RAM usage, making the server unavailable, and can also cause a denial of service on the MySQL database program.

The problem was discovered in both Drupal and WordPress, and the two security teams worked together to fix the issue. You are therefore advised to update WordPress if you use such XML calls or functions on a server running these CMSs.
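
A defensive pre-parse check for the expansion behaviour described above, as an added example that is not part of the original article or the WordPress/Drupal fix: it estimates how large an XML document becomes after internal entity expansion without actually expanding it, and also covers nested entity declarations. The function names, thresholds and sample documents are assumptions constructed for illustration.

```python
import re

# Internal general entity declarations: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')
# DOCTYPE with an internal subset, stripped so only the document body is measured
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*\[.*?\]\s*>', re.S)

def expanded_size(xml_text):
    """Estimate the character count after entity expansion, without expanding."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls.setdefault(m.group(1), m.group(3))  # XML: first declaration wins
    memo = {}

    def size_of(text, stack):
        total = len(text)
        for ref in ENTITY_REF.finditer(text):
            name = ref.group(1)
            if name not in decls:          # predefined (&amp;) or undeclared
                continue
            if name in stack:
                raise ValueError("recursive entity reference: " + name)
            if name not in memo:
                memo[name] = size_of(decls[name], stack | {name})
            total += memo[name] - len(ref.group(0))
        return total

    return size_of(DOCTYPE.sub("", xml_text, count=1), frozenset())

def is_acceptable(xml_text, max_chars=1_000_000, max_ratio=100):
    """Reject input whose expansion is large in absolute terms or relative to its size."""
    try:
        size = expanded_size(xml_text)
    except ValueError:
        return False
    return size <= max_chars and size <= max_ratio * len(xml_text)

# Constructed samples (assumptions, not taken from the article)
SAMPLE_PLAIN = '<?xml version="1.0"?><methodCall><methodName>demo.sayHello</methodName></methodCall>'
SAMPLE_REPEATED = ('<?xml version="1.0"?><!DOCTYPE d [<!ENTITY a "' + "x" * 1000 + '">]>'
                   "<d>" + "&a;" * 500 + "</d>")

if __name__ == "__main__":
    for label, doc in (("plain", SAMPLE_PLAIN), ("repeated entity", SAMPLE_REPEATED)):
        print(label, len(doc), expanded_size(doc), is_acceptable(doc))
```

The size is an estimate from regular expressions, not a full XML parse, so it belongs in front of a parser as a cheap filter rather than as a replacement for updating.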
