The Incutio XML-RPC (IXR) Library, that is used in WordPress 3.9.1, does not limit the number of elements in an XML document. In that way the attackers can cause a denial of service attacks via a large document.
Related records:
http://db.threatpress.com/vulnerability/wordpress/wordpress-3-9-1-denial-of-service-attacks-2
Update WordPress.