WordPress 2.3.3. an 'urgent security release'

WordPress has released version 2.3.3 to plug a flaw that would allow a specially crafted request to edit posts of other users on that blog.

WordPress has released version 2.3.3 to plug a flaw that would allow a specially crafted request to edit posts of other users on that blog.

In a post, WordPress noted that 2.3.3 is "an urgent security release." You can fix the flaw without downloading the new version. WordPress says the following:

If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php.

In addition, WordPress detailed vulnerability in the WP-Forum plugin that is being exploited. WordPress advises that folks remove this plugin until a fix emerges.

This update is a bit of inside baseball, but given that WordPress powers a lot of blog platforms, including ZDNet's, it is worth a mention.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All