WordPress 2.3.3 Security Fix

Posted by Philipp
February 5, 2008

A new Version of WordPress (2.3.3) is available for Download.

This release fixes one vulnerability, which allows any authenticated user access to edit any post from any user on that Blog. This is possible by sending a malicious request via the XML-RPC interface.

Replacing the xmlrpc.php file will resolve this problem: xmlrpc.php (from WP 2.3.3).

Anyway 2.3.3 fixes some minor Bugs as well, so an entire install may be beneficial.

Original entry on WP-Dev.

News, WordPress

Random Posts

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments
Comment by DK on February 5, 2008 @ 10:23 am

I’ve been wanting to write a small plugin that disables the XMLRPC interface and permits only limited/no functionality.

There have been a few problems with WP XMLRPC, and I wouldn’t be surprised if we see more problems in the future.

Pingback by Upgrade your WordPress Now! | LifeDork on February 5, 2008 @ 1:43 pm

[...] will be fixed! To track the current WordPress Security Advisories , you could simply track it on Blogsecurity.net . Bookmark [...]

Pingback by Actualización de Seguridad en WordPress actualicen a la versión 2.3.3 | La Comunidad DragonJAR on February 5, 2008 @ 6:19 pm

[...] Información: (I II III IV V VI) Tags: Actualización • seguridad • [...]

Comment by ron on February 5, 2008 @ 9:48 pm

what if i havent upgraded yet to 2.2? can i just replace the xlmrpc file?

Pingback by Actualización de Seguridad en WordPress a la versión 2.3.3 | Stuckerboy on February 6, 2008 @ 5:15 am

[...] LINK1, LINK2 [...]

Leave a comment

(required)

(required)