A critical security bug discovered in WordPress can allow an attacker to cripple not only your website, but the entire server your website resides on. This is due to a vulnerability in the PHP XML parser used by WordPress’ XMLRPC implementation.
This bug affects Drupal installations as well (Drupal 6 & 7).
A reasonably skilled attacker can exploit this bug and cause your server to run out of memory simply by sending a 200+ KB XML file.
This bug is critical enough that the security team at WordPress backported the affected files to the earlier versions, i.e. WordPress 3.7 and WordPress 3.8.
If you are currently running the WP 3.7 or WP 3.8 branch, please update to the latest .4 version.
The following versions are patched against this security bug.
The following files are updated:
For more details, please visit: http://codex.wordpress.org/Version_3.9.2
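
To check which installs on a server still need the update, the following added example (not part of the original advisory and not WordPress code) reads `wp-includes/version.php` and compares it with the releases named above: 3.7.4, 3.8.4 and 3.9.2. The function names are hypothetical, and treating releases after the 3.9 branch as patched is an assumption.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than the patched releases
# this page points to (3.7.4, 3.8.4, 3.9.2). Function names are hypothetical.

# Print the $wp_version value from a wp-includes/version.php file.
wp_version_from_file() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Print "patched", "unpatched" or "unknown" for a version string.
wp_xmlrpc_dos_status() {
    case "$1" in
        ''|*[!0-9.]*|.*|*..*|*.) echo unknown; return 0 ;;  # beta/RC/malformed
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split "3.8.3" into 3 8 3
    IFS=$old_ifs
    major=$1 minor=${2:-0} patch=${3:-0}
    # Assumption: releases after the 3.9 branch already include the fix.
    if [ "$major" -gt 3 ]; then echo patched; return 0; fi
    # Branches before 3.7 are not named as receiving a backport.
    if [ "$major" -lt 3 ] || [ "$minor" -lt 7 ]; then echo unpatched; return 0; fi
    case "$minor" in
        7|8) min=4 ;;              # 3.7.4 and 3.8.4
        9)   min=2 ;;              # 3.9.2
        *)   echo unknown; return 0 ;;
    esac
    if [ "$patch" -ge "$min" ]; then echo patched; else echo unpatched; fi
}

# Print one "status version path" line per install found under a directory.
audit_wp_tree() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_from_file "$f")
        printf '%s %s %s\n' "$(wp_xmlrpc_dos_status "$v")" "${v:-?}" \
            "${f%/wp-includes/version.php}"
    done
}

# Run as: sh audit.sh /var/www   (the path is a placeholder)
if [ $# -gt 0 ]; then audit_wp_tree "$1"; fi
```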