WordPress 3.9.2 is now available. For most users, this update will be automatically applied to your WordPress site for you shortly.
This is an important security release for all previous versions and all users are strongly encouraged to update your sites immediately. Most notably, “this release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team”.
WordPress 3.9.2 also contains other security changes, including the fix of “a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team”.
More information about WordPress 3.9.2: http://wordpress.org/news/2014/08/wordpress-3-9-2/