A serious Wordpress security vulnerability has been found by Nir Goldshlager, a member of the security team at Salesforce.com. The vulnerability leaves sites open to a DoS attack involving XML documents, similarly to a billion laughs attack or an XML bomb. Drupal sites could also fall victim to this attack.
Wordpress security risks are always a major concern, as the latest numbers from W3Techs show that almost 23 percent of the top 10 million sites use the content management system. According to several sources, WordPress is used by at least 60 million sites.