News
WordPress 2.3.3 Security Fix
A new version of WordPress (2.3.3) is available for download.
This release fixes one vulnerability, which allows any authenticated user to edit any post by any user on that blog. The flaw is triggered by sending a malicious request via the XML-RPC interface.
Replacing the xmlrpc.php file will resolve this problem: xmlrpc.php (from WP 2.3.3).
Anyway 2.3.3 fixes [...]
WordPress.com content theft
Lorelle discusses content theft on WordPress.com. Splogs continue to grow at a rapid rate.
Frisco Vista blog hacked
Frisco Vista’s WordPress blog ran into some security problems. His experience can be read here.
WP TextLinkAds Plugin SQL Injection Vulnerability follow up
The TextLinkAds WP plugin is dynamically generated to insert the API key. I think this dynamic generation may be wreaking havoc with version numbers. I have verified this vulnerability in version 3.0.8.
Please do not trust the version number on your WP TextLinkAds plugin; your plugin is likely vulnerable.
The advisory has been updated accordingly.
bs-wp-sandbox v1.2 released
The main changes in this version are to make it easier to use and to permit comments and post previews by default. Also, when a blacklisted page is requested bs-wp-sandbox will redirect the client to “http://yourblog/”. Now you can change the BLOGNAME variable at the top of the file to redirect the client where you [...]



