There is a new vulnerability that doesn't just affect WordPress but also Drupal, which together account for 23% of the web according to the latest statistics from the World Wide Web Consortium (W3C). This XML vulnerability, disclosed by Goldshlager, could allow cyberattacks that take down tons of websites. It currently affects WordPress versions 3.5 to 3.9 (the current version), and it works on default installations. It also affects Drupal versions 6.x to 7.x (the latest version) and, just like WordPress, it works on default installations of Drupal.
This bug can be exploited without any plugins, and it only takes one machine to exploit it. The vulnerability uses what is called an XML Quadratic Blowup Attack, in which a small XML document can completely disrupt the services on a machine in seconds. If it is exploited against a website, it can consume 100 percent of the central processing unit (CPU) and random access memory (RAM), basically downing your website and making it inaccessible.
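As an added example (not code from the page, Covvo, WordPress or Drupal), here is the kind of pre-parse check that defends against this attack: it estimates how large the document would become if its entities were expanded, without expanding them, and refuses anything above an assumed size limit, any external entity, and any entity that references another entity. The sample documents are constructed for the example; `MAX_EXPANDED_BYTES` and the function names are assumptions.

```python
import re
from xml.etree import ElementTree as ET

# Assumed limit on the estimated post-expansion size, in bytes (tune per application).
MAX_EXPANDED_BYTES = 1_000_000

# Internal entity declaration: <!ENTITY name "value">; SYSTEM/PUBLIC marks an external one.
_ENTITY_DECL = re.compile(r"<!ENTITY\s+(\w+)\s+(SYSTEM|PUBLIC)?\s*([\"'])(.*?)\3", re.S | re.I)
_ENTITY_KEYWORD = re.compile(r"<!ENTITY", re.I)
_ENTITY_REF = re.compile(r"&\w+;")


def estimate_expansion(xml_text, limit=MAX_EXPANDED_BYTES):
    """Return (verdict, estimated_bytes) without expanding any entity.

    verdict is None when the document may be parsed, otherwise a short reason.
    The estimate is an upper bound: every reference is charged the full value length.
    """
    decls = _ENTITY_DECL.findall(xml_text)
    if len(decls) != len(_ENTITY_KEYWORD.findall(xml_text)):
        # A declaration this checker cannot read (e.g. a parameter entity) is rejected, not ignored.
        return "entity declaration the checker cannot parse", len(xml_text)
    estimate = len(xml_text)
    for name, kind, _quote, value in decls:
        if kind:
            return f"external entity '{name}'", estimate
        if _ENTITY_REF.search(value):
            # Entities referencing entities grow exponentially (billion laughs), not quadratically.
            return f"nested entity reference in '{name}'", estimate
        estimate += xml_text.count(f"&{name};") * len(value)
    if estimate > limit:
        return f"expansion estimate {estimate} bytes exceeds limit {limit}", estimate
    return None, estimate


def parse_untrusted(xml_text, limit=MAX_EXPANDED_BYTES):
    """Parse xml_text only if the expansion estimate is acceptable."""
    verdict, _ = estimate_expansion(xml_text, limit)
    if verdict:
        raise ValueError(f"rejected XML: {verdict}")
    return ET.fromstring(xml_text)


# Constructed samples: a plain XML-RPC call, and the quadratic pattern at a harmless
# scale (one 16-byte entity referenced four times) to exercise the estimator.
SAFE_DOC = '<?xml version="1.0"?><methodCall><methodName>demo.hello</methodName></methodCall>'
TOY_BLOWUP = ('<?xml version="1.0"?><!DOCTYPE x [<!ENTITY a "AAAAAAAAAAAAAAAA">]>'
              '<x>&a;&a;&a;&a;</x>')

if __name__ == "__main__":
    print(estimate_expansion(SAFE_DOC))
    print(estimate_expansion(TOY_BLOWUP))
    print(estimate_expansion(TOY_BLOWUP, limit=100))
```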
Security Release Fix
Here is the good news though. WordPress and Drupal have both updated their software to protect against this vulnerability. The update can vary based on your setup.
If you self-host your site, update now to make sure you do not end up with an inaccessible website, or contact your web hosting company to make sure you're covered.
All WordPress customers on Covvo are already running the latest version, so there is no need to worry, Covvo customers. We have you covered!
In an exciting preannouncement, Covvo will soon be rolling out a new product to help those with WordPress sites: our WordPress Maintenance plans. Keep checking back. If you want more information and want to be updated on our release, subscribe to our Newsletter below.
Disclosure from Goldshlager
In a separate article on the tech site Mashable, Goldshlager noted that he responsibly disclosed the vulnerability to the WordPress and Drupal teams before making his findings public, so both companies could patch their software.