A critical vulnerability has been discovered in the XML-RPC implementations of WordPress and Drupal that lets an attacker take your site completely offline through a Denial of Service (DoS) attack.
The newly disclosed vulnerability triggers a DoS attack that can bring sites running on either CMS completely down. In response, the latest version of WordPress, v3.9.2, has been released; it addresses an issue in PHP's XML processor that could be exploited for a denial-of-service attack.
The XML vulnerability, which impacts both popular website platforms, was first reported by Nir Goldshlager, a security researcher from Salesforce.com's product security team. The issue was later fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.
This vulnerability, an "XML Quadratic Blowup Attack", can cause complete CPU and memory exhaustion, which affects both the site and the server and can take down the whole website or server almost instantly, using only a single machine.
This is critical because the two CMSs affected by this vulnerability host millions of websites. WordPress is one of the popular web CMSs and is used by many corporate and non-corporate users.
What to Do Now?
As the vulnerability affects earlier versions of WordPress (versions 3.5 to 3.9.1) and earlier versions of Drupal (versions 6.x to 7.x), all users of both CMSs are recommended to update immediately. Patched versions of both CMSs have been released, and you can get them from the WordPress and Drupal sites.
The WordPress team earlier announced an automatic update feature for the CMS, so WordPress users can get the update automatically, but Drupal users are recommended to update their CMS manually.
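As an added illustration (not code from WordPress, Drupal or the original article): a quadratic blowup document declares one large internal entity and references it many times, so a service that must accept XML can estimate the expanded size before parsing and reject anything over a budget. The 1 MiB limit, the function names and the sample documents are assumptions constructed for this example, and the estimator also covers nested entities, which goes beyond the single case named above.

```python
import re

MAX_EXPANDED_BYTES = 1 << 20  # assumed budget for this example (1 MiB)

# Internal general entities only: <!ENTITY name "value"> (external/parameter ones are skipped).
ENTITY_DECL = re.compile(r"""<!ENTITY\s+([\w.\-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&([\w.\-]+);")
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}


def declared_entities(xml_text):
    """Map entity names to replacement text; the first declaration wins, as in XML."""
    decls = {}
    for name, dq, sq in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, dq or sq)
    return decls


def expanded_length(text, decls, cache, stack=()):
    """Length of text once every declared entity reference in it is expanded."""
    total = len(text)
    for ref in ENTITY_REF.finditer(text):
        name = ref.group(1)
        if name in PREDEFINED or name not in decls:
            continue
        if name in stack:
            raise ValueError("recursive entity reference: " + name)
        if name not in cache:  # memoised, so nested entities cost linear time
            cache[name] = expanded_length(decls[name], decls, cache, stack + (name,))
        total += cache[name] - len(ref.group(0))
    return total


def check_xml_expansion(xml_text, limit=MAX_EXPANDED_BYTES):
    """Return (allowed, estimated_size) without handing the input to an XML parser."""
    decls = declared_entities(xml_text)
    subset_end = xml_text.find("]>")  # end of the DOCTYPE internal subset (simplified)
    body = xml_text[subset_end + 2:] if decls and subset_end != -1 else xml_text
    size = expanded_length(body, decls, {})
    return size <= limit, size


# Constructed samples: one 1000-character entity referenced 2000 times, and a benign document.
SAMPLE_BLOWUP = ('<!DOCTYPE doc [<!ENTITY a "' + "A" * 1000 + '">]>'
                 "<doc>" + "&a;" * 2000 + "</doc>")
SAMPLE_BENIGN = "<doc>Tom &amp; Jerry</doc>"

if __name__ == "__main__":
    for label, sample in (("blowup", SAMPLE_BLOWUP), ("benign", SAMPLE_BENIGN)):
        print(label, len(sample), check_xml_expansion(sample))
```

The estimate is a pre-filter in front of the parser; updating to the patched releases remains the fix.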