Attn: WordPress & Drupal Site Owners

A moderately critical vulnerability was discovered in the way Drupal and WordPress implement XMLRPC. This vulnerability can lead to your website being disabled via a method known as Denial of Service.

If you are taking advantage of our Maintenance Plans your website(s) have been proactively patched and you are protected from this vulnerability.

Both WordPress and Drupal have released updates: WordPress Release | Drupal Release.

If you are not one of our Maintenance Plan clients, we’re updating you to the latest versions of software over the next 24-48 hours to protect our servers.  Should you want to do the update before we get to your site, please do. Otherwise, we will continue to update sites until they’re all patched.

If you host sites elsewhere, please be sure to upgrade as soon as possible. WordPress has patched versions going back to 3.7. Prior versions will not be patched and you should seriously consider upgrading.

The update should not affect the look, feel, or function of your site.  That said, it’s always advisable to do a spot check following an update.  We’re asking all our WordPress & Drupal site owners to please do so.