Filed Under (News, WordPress) by Philipp on 5 February 2008

A new version of WordPress (2.3.3) is available for download.

This release fixes one vulnerability, which allows any authenticated user to edit any post by any other user on that blog. This is possible by sending a malicious request via the XML-RPC interface.

Replacing the xmlrpc.php file will resolve this problem: xmlrpc.php (from WP 2.3.3).

2.3.3 also fixes some minor bugs, so a full install may be beneficial.

Original entry on WP-Dev.


Comments

DK on 5 February, 2008 at 10:23 am #

I’ve been wanting to write a small plugin that disables the XMLRPC interface and permits only limited/no functionality.

There have been a few problems with WP XMLRPC, and I wouldn’t be surprised if we see more problems in the future.


Upgrade your WordPress Now! | LifeDork on 5 February, 2008 at 1:43 pm #

[…] will be fixed! To track the current WordPress Security Advisories, you could simply track it on Blogsecurity.net. Bookmark […]




ron on 5 February, 2008 at 9:48 pm #

What if I haven't upgraded yet to 2.2? Can I just replace the xmlrpc file?



