WordPress 2.3.3. an 'urgent security release'

Summary:WordPress has released version 2.3.3 to plug a flaw that would allow a specially crafted request to edit posts of other users on that blog.

WordPress has released version 2.3.3 to plug a flaw that would allow a specially crafted request to edit posts of other users on that blog.

In a post, WordPress noted that 2.3.3 is "an urgent security release." You can fix the flaw without downloading the new version. WordPress says the following:

If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php.

In addition, WordPress detailed vulnerability in the WP-Forum plugin that is being exploited. WordPress advises that folks remove this plugin until a fix emerges.

This update is a bit of inside baseball, but given that WordPress powers a lot of blog platforms, including ZDNet's, it is worth a mention.

Topics: Browser, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.