WordPress and Drupal patched for DDoS vulnerability

WordPress and Drupal have been patched for, amongst other things, a vulnerability that allows an attacker to take down a WordPress or Drupal site.

The PHP XML parser used by both projects has a XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site’s database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service).

Users of WordPress should upgrade to 3.9.2 as soon as possible: https://www.drupal.org/SA-CORE-2014-004

More information:
Tags: , ,

1 reply

Comments are closed.