This message comes from Appticles.com, a mobile content delivery and monetization platform for small and medium publishers, whose service I use from time to time. The message is loud and clear: “If you run on a self-hosted WordPress installation or on Drupal, update your software now!”
According to Appticles.com, an XML vulnerability affecting the popular website platforms WordPress and Drupal was recently discovered. It is exploited with a well-known technique, the XML Quadratic Blowup Attack, and when executed it can take down an entire website or server almost instantly. The XML vulnerability affects WordPress versions 3.5 to 3.9 (the current version) and works on the default installation. It affects Drupal versions 6.x to 7.x (the latest version) and also works on the default installation.
The good news is that both WordPress and Drupal have released patches for their applications. You simply need to upgrade to the latest version to protect against the vulnerability.
WordPress and Drupal users are encouraged to upgrade as soon as possible to:
- WordPress 3.9.2 Security Release
- SA-CORE-2014-004 – Drupal core
Appticles.com uses the XML-RPC protocol to communicate with your WordPress or Drupal platform. While they are NOT directly affected by this vulnerability, they are concerned that it might interrupt third-party services (including Appticles) if it is exploited on your side. So please update your WordPress and Drupal now.
– XML Vulnerability: Update Your WordPress Now!
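A pre-parse size check for XML-RPC request bodies, added here as an example (it is not code from Appticles, WordPress or Drupal). In a quadratic blowup one long entity is declared once and referenced many times, so the expanded size is roughly the reference count times the entity length, which can be computed before any parser sees the body. The function names, the sample body and the 1,000,000-character budget are assumptions.

```python
import re
from collections import Counter

# Assumed limit for illustration; size it to your largest legitimate request.
MAX_EXPANDED_CHARS = 1_000_000

# Internal general entities only: <!ENTITY name "value"> / <!ENTITY name 'value'>
ENTITY_DECL = re.compile(r"""<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&([\w.:-]+);")


def entity_expansion_size(xml_text):
    """Characters that entity references would expand to, without parsing.

    Returns None when an entity value itself contains a reference (nested
    expansion), which this flat estimate does not model.
    """
    sizes = {}
    for name, dq, sq in ENTITY_DECL.findall(xml_text):
        value = dq or sq
        if ENTITY_REF.search(value):
            return None
        sizes.setdefault(name, len(value))  # XML honours the first declaration
    body = ENTITY_DECL.sub("", xml_text)    # count references outside the DTD
    refs = Counter(ENTITY_REF.findall(body))
    return sum(n * sizes[name] for name, n in refs.items() if name in sizes)


def allow_request(xml_text, budget=MAX_EXPANDED_CHARS):
    """True if the body stays within the budget once entities are expanded."""
    expansion = entity_expansion_size(xml_text)
    if expansion is None:
        return False  # conservative: refuse nested entity definitions
    return len(xml_text) + expansion <= budget


# Constructed sample: one 10-character entity referenced three times.
SAMPLE = (
    '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "xxxxxxxxxx">]>'
    "<methodCall><methodName>&a;&a;&a;</methodName></methodCall>"
)

if __name__ == "__main__":
    print(entity_expansion_size(SAMPLE), allow_request(SAMPLE))
```

A check like this belongs in front of the XML-RPC endpoint as defence in depth; it does not replace the upgrades listed above.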