August 7, 2014

Posted in:

WordPress and Drupal Denial of Service Vulnerability

There is a new vulnerability in previous versions of WordPress and Drupal that can allow a denial of service attack which ramps up the memory on the server and maxes out resources. This has been fixed in the latest versions of the respective pieces of software.

It is important to note that if any of the sites you own are running less than version 3.9.2 of WordPress or less than version 7.31 of Drupal, the software is vulnerable and should be patched immediately. WordPress has automatic updates turned on in version 3.7+. Drupal currently does not offer this functionality – it may be useful to subscribe to to get notified of security updates and releases.

As always, Edge recommends keeping software, plugins, and anything else that is installed on a server up-to-date for security reasons.

Go back