Feb 05

From the Wordpress blog

WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.

Emphasis mine. This isn’t that urgent, if you ask me. If you don’t trust users on your blog then they shouldn’t be on your blog. This won’t effect too many people, but still, it’s always worth upgrading and fixing any potential threats no matter how small a risk they are. Grab Wordpress 2.3.3 or the patched XML-RPC file if you don’t want to upgrade.

[Update]: This is more urgent than I thought for some people. I forgot that you can let people register on your blog to make comments! Those will be valid users as well and could exploit this bug. I don’t have user registration turned on, but I know a lot of people do so this is quite serious indeed. Upgrade ASAP.

2 Responses to “Wordpress 2.3.3 – Urgent Security Fix”

1 Jordan Edwards Says:

I also like to make poems and read lots of books that is related to Poetry.;~;

2 Juan Torres Says:

i love poetry because it is a way of expressing my own feelings.-.”

Leave a Reply

By submitting a comment here you grant this site a perpetual license to reproduce your words and name/web site in attribution. I reserve the right to delete any comment for any reason with and will aggressively smite spam, flames and unsavory behavior.