WordPress 3.9.2 is now available, it’s a very important security release for all previous versions of WordPress. It’s highly recommended to update your sites immediately.
I’ve got an email from Sucuri Team today telling me about this WordPress security update after a moderately critical vulnerability was discovered in the way Drupal and WordPress implement XMLRPC. This vulnerability can lead to your website being disabled via a method known as Denial of Service.
The bug was discovered by Nir Goldshlager and disclosed on his blog at BreakSec.
How to update your website?
Download WordPress 3.9.2 and do the update, or venture over to Dashboard → Updates and simply click “Update Now”.
Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also updated to 3.8.4 or 3.7.4. We don’t support older versions, so please update to 3.9.2 for the latest and greatest.)