Open source platforms WordPress and Drupal are releasing a security update to both of their systems in tandem today. The patch fixes a vulnerability to denial of service attacks, which means you should update your site — NOW.

Nir Goldshlager, product security team member at Salesforce, discovered the  bug in PHP’s XML processing and reached out to security teams at both Drupal and WordPress to let them know. The companies decided to work together to create a patch and executed the fix quickly as a result.

When the vulnerability is exploited, it kills access to your site. Considering that Drupal and WordPress are used by millions of sites, this is a pretty big deal. (WordPress alone makes up around 20 percent of the Internet.)

The XML vulnerability affects WordPress versions 3.5 to the current version and Drupal versions 6.x to 7.x as well as default installations on both systems.

It makes sense that two proponents of open-source platforms and technology would work together and illustrates the capacity for collaboration amongst companies who use open source technology.

For those who want to get the update, check out the WordPress or Drupal announcement. For more details about the attack check out this article by Goldshlager and Christina Warren.


VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member